Overview
overview
3Static
static
3BINDInstall.exe
windows7-x64
1BINDInstall.exe
windows10-2004-x64
1bindevt.dll
windows7-x64
1bindevt.dll
windows10-2004-x64
1dig.exe
windows7-x64
dig.exe
windows10-2004-x64
dnssec-dsfromkey.exe
windows7-x64
dnssec-dsfromkey.exe
windows10-2004-x64
dnssec-key...el.exe
windows7-x64
dnssec-key...el.exe
windows10-2004-x64
dnssec-keygen.exe
windows7-x64
dnssec-keygen.exe
windows10-2004-x64
dnssec-signzone.exe
windows7-x64
dnssec-signzone.exe
windows10-2004-x64
host.exe
windows7-x64
host.exe
windows10-2004-x64
libbind9.dll
windows7-x64
1libbind9.dll
windows10-2004-x64
1libdns.dll
windows7-x64
1libdns.dll
windows10-2004-x64
1libeay32.dll
windows7-x64
1libeay32.dll
windows10-2004-x64
1libisc.dll
windows7-x64
1libisc.dll
windows10-2004-x64
1libisccc.dll
windows7-x64
1libisccc.dll
windows10-2004-x64
1libisccfg.dll
windows7-x64
1libisccfg.dll
windows10-2004-x64
1liblwres.dll
windows7-x64
1liblwres.dll
windows10-2004-x64
1named-checkconf.exe
windows7-x64
named-checkconf.exe
windows10-2004-x64
Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system -
submitted
07-11-2023 14:29
Static task
static1
Behavioral task
behavioral1
Sample
BINDInstall.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
BINDInstall.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
bindevt.dll
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
bindevt.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral5
Sample
dig.exe
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
dig.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral7
Sample
dnssec-dsfromkey.exe
Resource
win7-20231025-en
Behavioral task
behavioral8
Sample
dnssec-dsfromkey.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
dnssec-keyfromlabel.exe
Resource
win7-20231025-en
Behavioral task
behavioral10
Sample
dnssec-keyfromlabel.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
dnssec-keygen.exe
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
dnssec-keygen.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral13
Sample
dnssec-signzone.exe
Resource
win7-20231023-en
Behavioral task
behavioral14
Sample
dnssec-signzone.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral15
Sample
host.exe
Resource
win7-20231020-en
Behavioral task
behavioral16
Sample
host.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
libbind9.dll
Resource
win7-20231023-en
Behavioral task
behavioral18
Sample
libbind9.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral19
Sample
libdns.dll
Resource
win7-20231025-en
Behavioral task
behavioral20
Sample
libdns.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral21
Sample
libeay32.dll
Resource
win7-20231020-en
Behavioral task
behavioral22
Sample
libeay32.dll
Resource
win10v2004-20231025-en
Behavioral task
behavioral23
Sample
libisc.dll
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
libisc.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
libisccc.dll
Resource
win7-20231023-en
Behavioral task
behavioral26
Sample
libisccc.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral27
Sample
libisccfg.dll
Resource
win7-20231020-en
Behavioral task
behavioral28
Sample
libisccfg.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral29
Sample
liblwres.dll
Resource
win7-20231020-en
Behavioral task
behavioral30
Sample
liblwres.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral31
Sample
named-checkconf.exe
Resource
win7-20231020-en
Behavioral task
behavioral32
Sample
named-checkconf.exe
Resource
win10v2004-20231023-en
General
-
Target
libeay32.dll
-
Size
1.2MB
-
MD5
ec31b514b68aa36332262664f9731608
-
SHA1
09047bc3670d8510177e74962a9d8039942f9ae9
-
SHA256
6eb24ad19930c168d2b30c449ae36b05cd2ce3b0f82c9617decef92c6e560c10
-
SHA512
3417e1badf5fe4c7cb5b4e9843918709f2182f19a9b094f7f536000f125660a6239f066587ed6d4c897ff7e0f9646a886123f7a9d5a467421f509be60bea7e39
-
SSDEEP
24576:bc9S/ssux9hMqgXaoomO1+6SfCY+LaBnBPX7Fp10e2uW2VZoS3tL:JyNgKHmO1+p+Mf7Fp10e2uNVKS3tL
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28 PID 2160 wrote to memory of 2376 2160 rundll32.exe 28