Overview

overview

10

Static

static

8

TradingVie...op.exe

windows7-x64

10

TradingVie...op.exe

windows10-2004-x64

10

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...SE.dll

windows10-2004-x64

3

apt/SysWOW...vc.dll

windows10-2004-x64

3

apt/SysWOW...st.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...rs.dll

windows10-2004-x64

3

apt/SysWOW...fc.dll

windows10-2004-x64

3

apt/SysWOW...RT.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...Rt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

1

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...ds.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...pl.dll

windows10-2004-x64

3

apt/SysWOW...ub.dll

windows10-2004-x64

3

apt/SysWOW...as.dll

windows10-2004-x64

3

apt/SysWOW...ts.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...pi.dll

windows10-2004-x64

3

apt/SysWOW...op.dll

windows10-2004-x64

3

apt/SysWOW...SP.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PS.dll

windows10-2004-x64

3

apt/SysWOW...32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    99s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/03/2025, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/SysWOW64/AppIdPolicyEngineApi.dll

  • Size

    279KB

  • MD5

    9f6ee25e32423b3db3948dc23051804e

  • SHA1

    eff0dd774cdb41cc49e70b2a5058743a2cf0f355

  • SHA256

    1d29d9927ed75ef12db2b42e42bef80916d6c7f64f615d99824fe313092e459e

  • SHA512

    cf95df9a04dde3cd4b7dd7f8dbc123e64f802a5d55a95750979afb53ee0bfc0b1ebe736f1905e4a572e38c11e4a269242e1dadcc6616ddc7b2d6dcd07a1ee83e

  • SSDEEP

    6144:MvlZCFVK21Gxw0+IaJsLHOuuI5mJ+3wRyJ3fFsAe67PTllGtwwZxJbZGSuS9UQkb:MzCt1Gxw0+hsLuuuIYJ+3wIJ3fFsA17b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AppIdPolicyEngineApi.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3276
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AppIdPolicyEngineApi.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads