Overview

overview

10

Static

static

3

e1179516c0...81.dll

windows11-21h2-x64

10

Analysis

  • max time kernel
    261s
  • max time network
    224s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-01-2024 00:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81.dll

  • Size

    507KB

  • MD5

    a0b9376d1a46e876fe056dd89b79dfca

  • SHA1

    1b363e22c6a51341e16ef4a1177596504974e066

  • SHA256

    e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81

  • SHA512

    08a9b9de4b8ff6aebe1f9846e5e1994370796b4aa19613178dc320482cf68bf2ee1fb66e7925e1e4887febf398457f04e2193d48b7198d050e6666125802b946

  • SSDEEP

    12288:nljxPw/KI5MGpBRTf4LvGCAotHnG4CEu+AvHuzfsdzjbHgRV:zPkKIGsBRTydjG4GxbHU

Score
10/10
pikabotbotnet

Malware Config

Signatures

  • Detects PikaBot botnet 6 IoCs
  • PikaBot

    PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    botnetpikabot
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Windows\SysWOW64\SearchProtocolHost.exe
        "C:\Windows\System32\SearchProtocolHost.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1896
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1056
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4716
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GrantSave.asx"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:244
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GrantSave.asx"
      1⤵
        PID:3172

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/244-40-0x00007FFCECDE0000-0x00007FFCEDE8B000-memory.dmp
        Filesize

        16.7MB

        Download
      • memory/244-53-0x00007FFCEEEA0000-0x00007FFCEEEF6000-memory.dmp
        Filesize

        344KB

        Download
      • memory/244-54-0x00007FFD00070000-0x00007FFD00098000-memory.dmp
        Filesize

        160KB

        Download
      • memory/244-55-0x00007FFCFFF60000-0x00007FFCFFF84000-memory.dmp
        Filesize

        144KB

        Download
      • memory/244-56-0x00007FFCFFF40000-0x00007FFCFFF57000-memory.dmp
        Filesize

        92KB

        Download
      • memory/244-57-0x00007FFCFFDC0000-0x00007FFCFFDE3000-memory.dmp
        Filesize

        140KB

        Download
      • memory/244-41-0x00007FFD00970000-0x00007FFD00991000-memory.dmp
        Filesize

        132KB

        Download
      • memory/244-59-0x00007FFCFFC90000-0x00007FFCFFCA2000-memory.dmp
        Filesize

        72KB

        Download
      • memory/244-60-0x00007FFCF5350000-0x00007FFCF5371000-memory.dmp
        Filesize

        132KB

        Download
      • memory/244-64-0x00007FFCF4FD0000-0x00007FFCF4FFC000-memory.dmp
        Filesize

        176KB

        Download
      • memory/244-61-0x00007FFCF5170000-0x00007FFCF5183000-memory.dmp
        Filesize

        76KB

        Download
      • memory/244-42-0x00007FFD008B0000-0x00007FFD008C8000-memory.dmp
        Filesize

        96KB

        Download
      • memory/244-28-0x00007FF692020000-0x00007FF692118000-memory.dmp
        Filesize

        992KB

        Download
      • memory/244-29-0x00007FFD08A00000-0x00007FFD08A34000-memory.dmp
        Filesize

        208KB

        Download
      • memory/244-30-0x00007FFCEEA80000-0x00007FFCEED34000-memory.dmp
        Filesize

        2.7MB

        Download
      • memory/244-33-0x00007FFD05E60000-0x00007FFD05E71000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-31-0x00007FFD08A40000-0x00007FFD08A58000-memory.dmp
        Filesize

        96KB

        Download
      • memory/244-32-0x00007FFD06C60000-0x00007FFD06C77000-memory.dmp
        Filesize

        92KB

        Download
      • memory/244-34-0x00007FFD00E40000-0x00007FFD00E57000-memory.dmp
        Filesize

        92KB

        Download
      • memory/244-35-0x00007FFD00B80000-0x00007FFD00B91000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-62-0x00007FFCF5150000-0x00007FFCF5162000-memory.dmp
        Filesize

        72KB

        Download
      • memory/244-36-0x00007FFD00A00000-0x00007FFD00A1D000-memory.dmp
        Filesize

        116KB

        Download
      • memory/244-38-0x00007FFCEDE90000-0x00007FFCEE090000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/244-39-0x00007FFD009A0000-0x00007FFD009DF000-memory.dmp
        Filesize

        252KB

        Download
      • memory/244-37-0x00007FFD009E0000-0x00007FFD009F1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-63-0x00007FFCEED60000-0x00007FFCEEE9B000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/244-58-0x00007FFCFFD80000-0x00007FFCFFD91000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-43-0x00007FFD00890000-0x00007FFD008A1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-44-0x00007FFD00870000-0x00007FFD00881000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-45-0x00007FFD00850000-0x00007FFD00861000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-46-0x00007FFD00830000-0x00007FFD0084B000-memory.dmp
        Filesize

        108KB

        Download
      • memory/244-47-0x00007FFD00230000-0x00007FFD00241000-memory.dmp
        Filesize

        68KB

        Download
      • memory/244-48-0x00007FFD00210000-0x00007FFD00228000-memory.dmp
        Filesize

        96KB

        Download
      • memory/244-49-0x00007FFD001E0000-0x00007FFD00210000-memory.dmp
        Filesize

        192KB

        Download
      • memory/244-50-0x00007FFCFFF90000-0x00007FFCFFFF7000-memory.dmp
        Filesize

        412KB

        Download
      • memory/244-51-0x00007FFCF6300000-0x00007FFCF636F000-memory.dmp
        Filesize

        444KB

        Download
      • memory/244-52-0x00007FFD001C0000-0x00007FFD001D1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1896-1-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/1896-0-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/1896-18-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/1896-16-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/1896-5-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/1896-2-0x00000000001B0000-0x00000000001FF000-memory.dmp
        Filesize

        316KB

        Download
      • memory/3172-27-0x00007FFD05E60000-0x00007FFD05E71000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3172-21-0x00007FF692020000-0x00007FF692118000-memory.dmp
        Filesize

        992KB

        Download
      • memory/3172-26-0x00007FFD06C60000-0x00007FFD06C77000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3172-25-0x00007FFD08A40000-0x00007FFD08A58000-memory.dmp
        Filesize

        96KB

        Download
      • memory/3172-23-0x00007FFCEEA80000-0x00007FFCEED34000-memory.dmp
        Filesize

        2.7MB

        Download
      • memory/3172-22-0x00007FFD08A00000-0x00007FFD08A34000-memory.dmp
        Filesize

        208KB

        Download