Overview

overview

3

Static

static

3

18b77bc458...78.dll

windows7-x64

1

18b77bc458...78.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    123s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/08/2023, 07:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll

  • Size

    980KB

  • MD5

    ba716fca13ab1cd885d4f934da0a3d29

  • SHA1

    e3b8f9db5e8384d14ddac7b3c423f5c9a4b3b229

  • SHA256

    18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178

  • SHA512

    2f02ca2b5ac87bbe5e251ac257bb67cfc76b10502c9857dd45ff00ff3eaa078093a14f7c3d43881194bd241052c9b925427838f6eb41fe2badd5889772230e17

  • SSDEEP

    12288:KnyKe3es5kY/fVjIp39I0Yqdoy06mjOu6tlL6E6J7ntPOG/ySFVmypVAbqHTF0vS:41s7kYHH0YqdO03tFO91OG/RFVmypxe

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4900

Network

  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.81.21.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.81.21.72.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.254.224.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.254.224.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    169.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    169.117.168.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
     145 B
     1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    240.81.21.72.in-addr.arpa
    dns
    71 B
     142 B
     1
    1

    DNS Request

    240.81.21.72.in-addr.arpa

  • 8.8.8.8:53
    73.254.224.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    73.254.224.20.in-addr.arpa

  • 8.8.8.8:53
    169.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    169.117.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4900-133-0x0000000010000000-0x0000000010127000-memory.dmp

    Filesize

    1.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.