Analysis
max time kernel: 141s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-02-2023 09:36
Static task: static1
Behavioral task: behavioral1
Sample: 0ca834aecd8a27eadca15f7054f33d5a.dll
Resource: win7-20230220-en, windows7-x64
3 signatures
150 seconds
General
Target: 0ca834aecd8a27eadca15f7054f33d5a.dll
Size: 6.0MB
MD5: 0ca834aecd8a27eadca15f7054f33d5a
SHA1: 0fab64541262927cbf58d8a1755717a4ad81bf25
SHA256: da6f4ed0f611021ae9565d8514875b627c031a44d5ca7d25bdc290c8a10aee4e
SHA512: 2ff6162aa7339ee0faedbb4644caec4125477568b1825b2f01e923a1f7670462abc3d2dedc6750a28de09f1eefb63f86eb9ba0932361e302c4b4b1d79ce003e3
SSDEEP: 98304:7uoS3DPg0N45/W/0Yg8UBEgorYH0gg22fFOAJqYn5hD457KN4z0u:7T+gE4JrY2ByYHoFO+nDju0u
Malware Config
Extracted
Family: systembc
C2:
65.109.48.216:4270
35.198.166.27:4270
Signatures
Blocklisted process makes network request (14 IoCs)
Processes: rundll32.exe
flow  pid   process
1     4844  rundll32.exe
4     4844  rundll32.exe
5     4844  rundll32.exe
7     4844  rundll32.exe
10    4844  rundll32.exe
12    4844  rundll32.exe
15    4844  rundll32.exe
17    4844  rundll32.exe
18    4844  rundll32.exe
19    4844  rundll32.exe
20    4844  rundll32.exe
21    4844  rundll32.exe
22    4844  rundll32.exe
23    4844  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid   process
4844  rundll32.exe
4844  rundll32.exe