Analysis
-
max time kernel
438s -
max time network
444s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
03/04/2025, 09:22
General
-
Target
EMV Reader Writer/X1v5/zlib1.dll
-
Size
105KB
-
MD5
b8a9e91134e7c89440a0f95470d5e47b
-
SHA1
3cbcee30fc0a7e9807931bc0dafceb627042bfc9
-
SHA256
42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71
-
SHA512
e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54
-
SSDEEP
3072:Y15jVjUqf9CtXH/4UghkGTBfmJyqLEC9BRY:Yf81wpTB+Jyqb
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\X1v5\zlib1.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\X1v5\zlib1.dll",#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 6003⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4400 -ip 44001⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB