Overview

overview

10

Static

static

8

TradingVie...op.exe

windows7-x64

10

TradingVie...op.exe

windows10-2004-x64

10

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...SE.dll

windows10-2004-x64

3

apt/SysWOW...vc.dll

windows10-2004-x64

3

apt/SysWOW...st.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...rs.dll

windows10-2004-x64

3

apt/SysWOW...fc.dll

windows10-2004-x64

3

apt/SysWOW...RT.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...Rt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

1

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...ds.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...pl.dll

windows10-2004-x64

3

apt/SysWOW...ub.dll

windows10-2004-x64

3

apt/SysWOW...as.dll

windows10-2004-x64

3

apt/SysWOW...ts.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...pi.dll

windows10-2004-x64

3

apt/SysWOW...op.dll

windows10-2004-x64

3

apt/SysWOW...SP.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PS.dll

windows10-2004-x64

3

apt/SysWOW...32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/03/2025, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/SysWOW64/AboveLockAppHost.dll

  • Size

    323KB

  • MD5

    a626c382a127b6fbf8e4c6329dc955a3

  • SHA1

    63abb74f551fdd9cb884e4d7fa218ec325b7f18e

  • SHA256

    e3efb4614a25fb6506677766c6a34319c9bfcc61ac062aef0620fa44564682dd

  • SHA512

    00e009831b4249d7da5889ed6657cc98fb9a66455287c3b7272884aa1ee7108a026384af95067f54bd52ab341ac1972a483b77a468d5d98857ea99fb88a14b4e

  • SSDEEP

    6144:JKEQzthmZWVwRgsqEd3214PCzPd0SmPVjFKupeIhm8n0gAYJ:k7Zh8WCRHqEd219JYPNeIhm8n0g

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AboveLockAppHost.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AboveLockAppHost.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads