Analysis

max time kernel: 141s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-08-2023 09:11
Behavioral task: behavioral1
Sample: e3fe0be8cd50ca837069bc2564ab0532.dll
Resource: win7-20230712-en
4 signatures
150 seconds
General

Target: e3fe0be8cd50ca837069bc2564ab0532.dll
Size: 5.8MB
MD5: e3fe0be8cd50ca837069bc2564ab0532
SHA1: 05e41077b6ebefe2fc34b03055f8c5b31cff1664
SHA256: ede84803bface8bb45d2f293d8766f6099dab30b1f2d74207398835ff255e385
SHA512: 7fd879b48873530aa3d1933e537f99f53909fc3604da6cc88388e51e560b5aecbe31801f3daf2096c190f7c8e1b878e3566874c2e1f937254cbf8a59654e7497
SSDEEP: 98304:QrsZ8pbhGL9G900NEOrx0i5P4GzmJPLYJZLKU9Q+Rg8gvUbgQw3/5cU6mWL:QawGMvrui5VWUDLKUe+yN5Qy5cH
Malware Config

Extracted
Family: systembc
C2:
  5.42.65.67:4298
  localhost.exchange:4298
Signatures

Blocklisted process makes network request (1 IoCs)
Processes:
  flow  pid   Process
  15    2100  rundll32.exe

Processes:
  resource                                                                    yara_rule
  behavioral2/memory/2100-135-0x00007FFA815A0000-0x00007FFA81F6A000-memory.dmp  vmprotect
  behavioral2/memory/2100-142-0x00007FFA815A0000-0x00007FFA81F6A000-memory.dmp  vmprotect

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   Process
  2100  rundll32.exe
  2100  rundll32.exe
  2100  rundll32.exe
  2100  rundll32.exe