Analysis
max time kernel
591s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted
28-09-2022 11:21
Static task
static1
Behavioral task
behavioral1
Sample
LdrAddx64.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
600 seconds
Behavioral task
behavioral2
Sample
LdrAddx64.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
600 seconds
General
Target
LdrAddx64.dll
Size
1.3MB
MD5
492c1b91d197497ea6ed72fb893e95d7
SHA1
c40252515d6430c86fb0f74ee36dc69482506f98
SHA256
70b1b7e12b950729c07faa03bd6ac26db5e0eb2e05c89976a51d977442c4e7d4
SHA512
9c2bae4b39e1d8e7734b0df9a0015a50858d82ecf4de67c979ad2defa8228b3bf78d7b63249eaf92223ba0a6b39ed560aa8911837d27d86c03f8fee2c0ea0589
SSDEEP
24576:TuSJZRchdf781ZH0hJrHb0Fm9Zx/h/oJLv8jeZXGiFpfU7y:Ww1uhJrHYm9Zx/G1v8jiXZFoy
Score
8/10
Malware Config
Signatures
Blocklisted process makes network request 31 IoCs
flow  pid   Process
39    3672  rundll32.exe
62    3672  rundll32.exe
63    3672  rundll32.exe
68    3672  rundll32.exe
69    3672  rundll32.exe
71    3672  rundll32.exe
72    3672  rundll32.exe
73    3672  rundll32.exe
74    3672  rundll32.exe
76    3672  rundll32.exe
77    3672  rundll32.exe
78    3672  rundll32.exe
80    3672  rundll32.exe
82    3672  rundll32.exe
83    3672  rundll32.exe
84    3672  rundll32.exe
89    3672  rundll32.exe
90    3672  rundll32.exe
92    3672  rundll32.exe
93    3672  rundll32.exe
94    3672  rundll32.exe
96    3672  rundll32.exe
97    3672  rundll32.exe
98    3672  rundll32.exe
100   3672  rundll32.exe
101   3672  rundll32.exe
103   3672  rundll32.exe
104   3672  rundll32.exe
106   3672  rundll32.exe
108   3672  rundll32.exe
109   3672  rundll32.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process
3672  rundll32.exe (the same entry is repeated for every IoC)