Overview

overview

7

Static

static

3

9c3b1221a4...dd.exe

windows7-x64

7

9c3b1221a4...dd.exe

windows10-2004-x64

7

$APPDATA/m...ay.dll

windows7-x64

1

$APPDATA/m...ay.dll

windows10-2004-x64

3

$APPDATA/m...in.dll

windows7-x64

1

$APPDATA/m...in.dll

windows10-2004-x64

3

$APPDATA/m...mu.dll

windows7-x64

3

$APPDATA/m...mu.dll

windows10-2004-x64

3

$APPDATA/m...rc.dll

windows7-x64

3

$APPDATA/m...rc.dll

windows10-2004-x64

3

$APPDATA/m...di.dll

windows7-x64

1

$APPDATA/m...di.dll

windows10-2004-x64

1

$APPDATA/m...p3.dll

windows7-x64

1

$APPDATA/m...p3.dll

windows10-2004-x64

1

$APPDATA/m...ve.dll

windows7-x64

1

$APPDATA/m...ve.dll

windows10-2004-x64

1

$APPDATA/m...wm.dll

windows7-x64

1

$APPDATA/m...wm.dll

windows10-2004-x64

1

$APPDATA/m...ip.dll

windows7-x64

1

$APPDATA/m...ip.dll

windows10-2004-x64

3

$APPDATA/m...om.dll

windows7-x64

1

$APPDATA/m...om.dll

windows10-2004-x64

3

$APPDATA/m...oo.dll

windows7-x64

1

$APPDATA/m...oo.dll

windows10-2004-x64

1

$APPDATA/m...Pn.dll

windows7-x64

1

$APPDATA/m...Pn.dll

windows10-2004-x64

1

$APPDATA/m...ve.dll

windows7-x64

1

$APPDATA/m...ve.dll

windows10-2004-x64

1

$APPDATA/m...ps.dll

windows7-x64

1

$APPDATA/m...ps.dll

windows10-2004-x64

3

$APPDATA/m...in.dll

windows7-x64

1

$APPDATA/m...in.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 17:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/mIRC/bin/dll/nGZIPn.dll

  • Size

    72KB

  • MD5

    a5b5a641398f2bc1b7e1e9eaa21b5b74

  • SHA1

    c44f34f6a68bae8c94db3e23acbb35303133febd

  • SHA256

    1d2a1002a637c1aa971dda50ecde5195a6f373cd25ff91e0dc88ed5eac573661

  • SHA512

    cb0eb9e70c4ce29f9f00d1692cf9588e38f52ba2bdad65600eeba29d803c50ae51ae392621a37b2c81fd7b38e4da6b666fbae75764260c7730c929e11d3adaf6

  • SSDEEP

    1536:s2dKcbEN5OmnEfuQZ7TX70fEDTO07vio9:s0bEDOmnEGGz0sPzvio

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\nGZIPn.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\nGZIPn.dll,#1
      2⤵
        PID:1212

    Network

    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      181.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      181.178.17.96.in-addr.arpa
      IN PTR
      Response
      181.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-181deploystaticakamaitechnologiescom
    • flag-us
      DNS
      73.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      190.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      190.178.17.96.in-addr.arpa
      IN PTR
      Response
      190.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-190deploystaticakamaitechnologiescom
    • flag-us
      DNS
      21.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.178.17.96.in-addr.arpa
      IN PTR
      Response
      200.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-200deploystaticakamaitechnologiescom
    • flag-us
      DNS
      9.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.173.189.20.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      181.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      181.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      73.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      73.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      142 B
       145 B
       2
      1

      DNS Request

      206.23.85.13.in-addr.arpa

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      190.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      190.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      21.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      21.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      200.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      200.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      9.173.189.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      9.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.