Overview

overview

3

Static

static

3

Yagami 1.0...re.dll

windows7-x64

3

Yagami 1.0...re.dll

windows10-2004-x64

3

Yagami 1.0/Qt5Gui.dll

windows7-x64

3

Yagami 1.0/Qt5Gui.dll

windows10-2004-x64

3

Yagami 1.0...ia.dll

windows7-x64

3

Yagami 1.0...ia.dll

windows10-2004-x64

3

Yagami 1.0...rk.dll

windows7-x64

3

Yagami 1.0...rk.dll

windows10-2004-x64

3

Yagami 1.0...ts.dll

windows7-x64

1

Yagami 1.0...ts.dll

windows10-2004-x64

3

Yagami 1.0/Yagami.exe

windows7-x64

1

Yagami 1.0/Yagami.exe

windows10-2004-x64

3

Yagami 1.0...-1.dll

windows7-x64

3

Yagami 1.0...-1.dll

windows10-2004-x64

3

Yagami 1.0...-6.dll

windows7-x64

3

Yagami 1.0...-6.dll

windows10-2004-x64

3

Yagami 1.0...-1.dll

windows7-x64

1

Yagami 1.0...-1.dll

windows10-2004-x64

1

Yagami 1.0...if.dll

windows7-x64

1

Yagami 1.0...if.dll

windows10-2004-x64

1

Yagami 1.0...fd.dll

windows7-x64

1

Yagami 1.0...fd.dll

windows10-2004-x64

1

Yagami 1.0...ns.dll

windows7-x64

1

Yagami 1.0...ns.dll

windows10-2004-x64

1

Yagami 1.0...sd.dll

windows7-x64

1

Yagami 1.0...sd.dll

windows10-2004-x64

1

Yagami 1.0...co.dll

windows7-x64

1

Yagami 1.0...co.dll

windows10-2004-x64

1

Yagami 1.0...od.dll

windows7-x64

1

Yagami 1.0...od.dll

windows10-2004-x64

1

Yagami 1.0...eg.dll

windows7-x64

1

Yagami 1.0...eg.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28/03/2024, 22:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yagami 1.0/plugins/imageformats/qico.dll

  • Size

    35KB

  • MD5

    df0752b5209c3f8c6ec263bc09f9537a

  • SHA1

    1a1d2ef581d59b18caedca05e85bf2c31e8b7313

  • SHA256

    b8982ae083d27d201ba2d625eb061ede140e388e2604443d7fe663c4b9a5fd90

  • SHA512

    c4b0561fa9056dc581819a377a802a1698a6aa91ec08e050904f779b74bf53e0fab011e686ff8c4252549bde47593ef7ff8959b3098efade804381c2c317bd04

  • SSDEEP

    384:ojQGEelv+gSB+QnhbkM4REncSZ64MVlxPakOk0i3FK2P2NGb5e3woUE20ynoaNnS:0lEwQDaXQk0gP2NmeuEg9ncf

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Yagami 1.0\plugins\imageformats\qico.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Yagami 1.0\plugins\imageformats\qico.dll",#1
      2⤵
        PID:1036

    Network

    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.134.221.88.in-addr.arpa
      IN PTR
      Response
      41.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      20.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      20.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.179.89.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.179.89.13.in-addr.arpa
      IN PTR
      Response
    • 20.231.121.79:80
      46 B
       1
    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      41.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      41.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      20.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      20.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      11.179.89.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      11.179.89.13.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.