Analysis
max time kernel: 164s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/12/2023, 20:57
Static task: static1
Behavioral task: behavioral1; Sample: DLLLoad.exe; Resource: win7-20231215-en
Behavioral task: behavioral2; Sample: DLLLoad.exe; Resource: win10v2004-20231215-en
Behavioral task: behavioral3; Sample: Hamachi France.url; Resource: win7-20231215-en
Behavioral task: behavioral4; Sample: Hamachi France.url; Resource: win10v2004-20231222-en
Behavioral task: behavioral5; Sample: TeknoGods.dll; Resource: win7-20231215-en
Behavioral task: behavioral6; Sample: TeknoGods.dll; Resource: win10v2004-20231215-en
Behavioral task: behavioral7; Sample: teknohelper.exe; Resource: win7-20231215-en
Behavioral task: behavioral8; Sample: teknohelper.exe; Resource: win10v2004-20231215-en
General
Target: DLLLoad.exe
Size: 239KB
MD5: 4e9a4c28fdd0e60042779117a955a074
SHA1: ec487996c03cd1c3bf3dc56b07bf31196e0cb6ed
SHA256: 12f991863c77a5ef017a0b3be8146de65952b736dd2cd28708ec51b1d934aa36
SHA512: 992c437259485f6c34d311b5715eb21063763ef8181568508f1041b1055b8a7eb8af5206fdf35c1aa40749126c45d68c0ca060c52aab17e57e13375194cb1b15
SSDEEP: 6144:Aujzmdywb9qES9cXP755n9aCiSaX9zeTxEKjMl:hjpyqEcO5h9aCiSatzeVEN
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
pid: 3752; Process: DLLLoad.exe
Suspicious behavior: EnumeratesProcesses (28 IoCs)
pid: 3752; Process: DLLLoad.exe (28 identical entries)