Analysis
max time kernel: 581s
max time network: 595s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 28-09-2022 11:21
Static task: static1
Behavioral task: behavioral1
Sample: LdrAddx64.dll
Resource: win7-20220812-en (windows7-x64)
2 signatures, 600 seconds
Behavioral task: behavioral2
Sample: LdrAddx64.dll
Resource: win10v2004-20220901-en (windows10-2004-x64)
2 signatures, 600 seconds
General
Target: LdrAddx64.dll
Size: 1.3MB
MD5: 492c1b91d197497ea6ed72fb893e95d7
SHA1: c40252515d6430c86fb0f74ee36dc69482506f98
SHA256: 70b1b7e12b950729c07faa03bd6ac26db5e0eb2e05c89976a51d977442c4e7d4
SHA512: 9c2bae4b39e1d8e7734b0df9a0015a50858d82ecf4de67c979ad2defa8228b3bf78d7b63249eaf92223ba0a6b39ed560aa8911837d27d86c03f8fee2c0ea0589
SSDEEP: 24576:TuSJZRchdf781ZH0hJrHb0Fm9Zx/h/oJLv8jeZXGiFpfU7y:Ww1uhJrHYm9Zx/G1v8jiXZFoy
Score: 8/10
Malware Config
Signatures
-
Blocklisted process makes network request (28 IoCs)
flow pid Process
1 1680 rundll32.exe
3 1680 rundll32.exe
4 1680 rundll32.exe
5 1680 rundll32.exe
8 1680 rundll32.exe
11 1680 rundll32.exe
14 1680 rundll32.exe
17 1680 rundll32.exe
18 1680 rundll32.exe
21 1680 rundll32.exe
22 1680 rundll32.exe
25 1680 rundll32.exe
26 1680 rundll32.exe
30 1680 rundll32.exe
31 1680 rundll32.exe
34 1680 rundll32.exe
37 1680 rundll32.exe
38 1680 rundll32.exe
41 1680 rundll32.exe
42 1680 rundll32.exe
45 1680 rundll32.exe
46 1680 rundll32.exe
49 1680 rundll32.exe
50 1680 rundll32.exe
53 1680 rundll32.exe
54 1680 rundll32.exe
57 1680 rundll32.exe
58 1680 rundll32.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid Process
1680 rundll32.exe (the same pid/process pair is listed 64 times, once per enumeration event)
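The two signature tables above are flattened "flow pid Process" and "pid Process" rows. The script below is an added example, not part of the sandbox report: it parses those rows as they appear on the page, re-derives the per-process flow count that the "Blocklisted process makes network request" signature is built on, and lists the flow ids the signature did not attribute to the sample (useful for deciding how much of the capture is background OS traffic). Note that the flagged process is rundll32.exe, the host the sandbox used to load the DLL sample, so the network activity is attributed to that host process rather than to a process the sample spawned. The blocklist is an assumption (the report confirms only that rundll32.exe is on it), the sequential-flow-id assumption behind `unattributed_flow_ids` is stated in a comment, and the 64 EnumeratesProcesses rows are reproduced programmatically rather than typed out.

```python
import re
from collections import Counter

# The 'flow pid Process' rows of the 'Blocklisted process makes network
# request' signature, copied from the report above as one flattened string.
NETWORK_ROWS = (
    "1 1680 rundll32.exe 3 1680 rundll32.exe 4 1680 rundll32.exe "
    "5 1680 rundll32.exe 8 1680 rundll32.exe 11 1680 rundll32.exe "
    "14 1680 rundll32.exe 17 1680 rundll32.exe 18 1680 rundll32.exe "
    "21 1680 rundll32.exe 22 1680 rundll32.exe 25 1680 rundll32.exe "
    "26 1680 rundll32.exe 30 1680 rundll32.exe 31 1680 rundll32.exe "
    "34 1680 rundll32.exe 37 1680 rundll32.exe 38 1680 rundll32.exe "
    "41 1680 rundll32.exe 42 1680 rundll32.exe 45 1680 rundll32.exe "
    "46 1680 rundll32.exe 49 1680 rundll32.exe 50 1680 rundll32.exe "
    "53 1680 rundll32.exe 54 1680 rundll32.exe 57 1680 rundll32.exe "
    "58 1680 rundll32.exe"
)

# The 'pid Process' rows of the EnumeratesProcesses signature: the report
# lists the same pair 64 times, reproduced here rather than typed out.
ENUM_ROWS = " ".join(["1680 rundll32.exe"] * 64)

# Assumed blocklist: the report confirms only that rundll32.exe is on the
# sandbox's list; the other entries are common proxy-execution binaries
# added here for illustration.
BLOCKLIST = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

FLOW_ROW = re.compile(r"(\d+)\s+(\d+)\s+(\S+)")
PID_ROW = re.compile(r"(\d+)\s+(\S+)")


def parse_flow_rows(text):
    """Return [(flow_id, pid, process), ...] from a flattened flow/pid/Process table."""
    return [(int(flow), int(pid), proc) for flow, pid, proc in FLOW_ROW.findall(text)]


def parse_pid_rows(text):
    """Return [(pid, process), ...] from a flattened pid/Process table."""
    return [(int(pid), proc) for pid, proc in PID_ROW.findall(text)]


def flows_per_process(rows):
    """Count network flows per (pid, process); this is the signature's IoC count."""
    return dict(Counter((pid, proc) for _, pid, proc in rows))


def blocklisted_network_hits(rows, blocklist):
    """Re-implement the signature: every blocklisted process that owns at least one flow."""
    hits = []
    for (pid, proc), n in sorted(flows_per_process(rows).items()):
        if proc.lower() in blocklist:
            hits.append({
                "pid": pid,
                "process": proc,
                "flows": n,
                "flow_ids": sorted(f for f, p, _ in rows if p == pid),
            })
    return hits


def unattributed_flow_ids(rows):
    """Flow ids inside the observed range that no listed process owns.

    Assumes the sandbox numbers flows sequentially (an assumption, not stated
    in the report); under it, the gaps are traffic the signature did not
    attribute to the sample, e.g. background OS traffic.
    """
    seen = {f for f, _, _ in rows}
    return [f for f in range(1, max(seen) + 1) if f not in seen]


if __name__ == "__main__":
    rows = parse_flow_rows(NETWORK_ROWS)
    for hit in blocklisted_network_hits(rows, BLOCKLIST):
        print(f"{hit['process']} (pid {hit['pid']}) made {hit['flows']} "
              f"network requests: flows {hit['flow_ids']}")
    print("flow ids not attributed to the sample:", unattributed_flow_ids(rows))
    print("EnumeratesProcesses entries:", len(parse_pid_rows(ENUM_ROWS)))
```

Running it reproduces the report's numbers (28 attributed flows for pid 1680, 64 enumeration entries) and shows that 30 of the 58 numbered flows are not attributed to rundll32.exe, which is the first thing to check before treating every connection in the capture as C2.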