Analysis
-
max time kernel
440s -
max time network
549s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
03/04/2025, 09:22
General
-
Target
EMV Reader Writer/X1 4.1/GlobalPlatform.dll
-
Size
767KB
-
MD5
4696b9fae32c96d487daa887d830261b
-
SHA1
e01f46ed39108d0fb7b57d7ec50fc688fbceb72b
-
SHA256
d516e641e63f4195c374ecedbee074c345af178d703fa0761c990141e056b992
-
SHA512
0b31bed9e8003ea915013d16561557d46e0ae6e7809d578e27f91dc346379cb47c3f2e50d815f3f49f8135eee5ca72693984eec428137eea2f77e581d1bfb7ac
-
SSDEEP
12288:tFmm3ESOWLzt9+5uxqUHudv3p6hUhJO4NdKVAZD53pqYK6oKs:Dx3ESM5uxqUHuJDhJO4n4AZ93pqYK6oJ
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\X1 4.1\GlobalPlatform.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\X1 4.1\GlobalPlatform.dll",#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 6243⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4784 -ip 47841⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB