Analysis
-
max time kernel
656s -
max time network
666s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
28/03/2025, 20:38
Errors
Reason
Machine shutdown
General
-
Target
Bully تعريب لعبة/ملف التعريب/SilentPatchBully.dll
-
Size
113KB
-
MD5
c854c8c64d7b398b1547b949edb062c7
-
SHA1
4e29e8ab68a45c39e4347fb715b8a341654cf609
-
SHA256
190e1a3d3eafc7d6d30a489d45e7b38265baed52966382f509017d3fc0e51c0a
-
SHA512
b9c0535503847e01b2b282d29f773682b80209196651aa65207dd7364b55cb5be6c4b90e63829072090ab9804448250ef2572512adb1013d6168ea26f2118f82
-
SSDEEP
3072:g4JNjeuSfd00Iy/xTH6rCHxna7/uuLU6CooaksfNgI/77d+P4V8:hNjcfdB/56mdINHV
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bully تعريب لعبة\ملف التعريب\SilentPatchBully.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bully تعريب لعبة\ملف التعريب\SilentPatchBully.dll",#12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa38e9055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx