c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
18-07-2022 06:04

Target

core3_1.dll
Size

214KB
MD5

6a94e3723ca817d1af955d2ed03062bc
SHA1

0f3fbe7fbb072f30cad64e825811a9f5f323f3bc
SHA256

c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd
SHA512

87ddc3615491d99350c14b0c8214d1d7c200072ae8f74ab9af3cc0128fd78017b4c5d053b06b4bb2f6f05e1bb1afba662e0ccd673b910f5979ae3893dff4b658

Score

8^/10

Blocklisted process makes network request 22 IoCs

Processes:

rundll32.exe

Tries to connect to .bazar domain 10 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

Unexpected DNS network traffic destination 18 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core3_1.dll,#1
1⤵
- Blocklisted process makes network request
PID:1112