Overview

overview

3

Static

static

3

Configurar.cmd

windows7-x64

1

Configurar.cmd

windows10-2004-x64

1

Instalar.cmd

windows7-x64

1

Instalar.cmd

windows10-2004-x64

1

Mono.Security.dll

windows7-x64

1

Mono.Security.dll

windows10-2004-x64

1

Npgsql.dll

windows7-x64

1

Npgsql.dll

windows10-2004-x64

1

System.Dat...te.dll

windows7-x64

1

System.Dat...te.dll

windows10-2004-x64

1

System.Net.Http.dll

windows7-x64

1

System.Net.Http.dll

windows10-2004-x64

1

System.ValueTuple.dll

windows7-x64

1

System.ValueTuple.dll

windows10-2004-x64

1

TCore.dll

windows7-x64

1

TCore.dll

windows10-2004-x64

1

TNrgyBss.dll

windows7-x64

1

TNrgyBss.dll

windows10-2004-x64

1

TNrgyModbusServer.exe

windows7-x64

1

TNrgyModbusServer.exe

windows10-2004-x64

1

en/TCore.r...es.dll

windows7-x64

1

en/TCore.r...es.dll

windows10-2004-x64

1

en/TNrgyBs...es.dll

windows7-x64

1

en/TNrgyBs...es.dll

windows10-2004-x64

1

en/TNrgyMo...es.dll

windows7-x64

1

en/TNrgyMo...es.dll

windows10-2004-x64

1

es/TCore.r...es.dll

windows7-x64

1

es/TCore.r...es.dll

windows10-2004-x64

1

es/TNrgyBs...es.dll

windows7-x64

1

es/TNrgyBs...es.dll

windows10-2004-x64

1

es/TNrgyMo...es.dll

windows7-x64

1

es/TNrgyMo...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 08:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    System.Data.SQLite.dll

  • Size

    1.2MB

  • MD5

    616893e1c8f872fb53d98e6847e4f3de

  • SHA1

    50c459e75c416e48b39313e48d876d52db837ef3

  • SHA256

    e1fe071b6bf7ce4551178e2cb0e95a057845d8dd600a796157b76bdb10261df4

  • SHA512

    1bbaa89f52a57c21268ee43f0e5496e1e7263c2dbfa8a811ca39b5df76c7af1396fa5580c5f44ab77544174ffd0e717dc8c29111531f7109f43309aa918b7e17

  • SSDEEP

    24576:cy/rsKZ2Sbm/RaeOIUv0Wt/dRpZf2d6oHkQj84fAhs:cy/57ODUVntCkSA

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll,#1
      2⤵
        PID:460

    Network

    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      175.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      175.178.17.96.in-addr.arpa
      IN PTR
      Response
      175.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-175deploystaticakamaitechnologiescom
    • flag-us
      DNS
      16.53.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      16.53.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      179.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      179.178.17.96.in-addr.arpa
      IN PTR
      Response
      179.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-179deploystaticakamaitechnologiescom
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.179.89.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.179.89.13.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      175.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      175.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      16.53.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      16.53.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      140 B
       144 B
       2
      1

      DNS Request

      18.31.95.13.in-addr.arpa

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      179.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      179.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      9.179.89.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      9.179.89.13.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.