Resubmissions
17-04-2024 09:04
240417-k1zmzaca81 1017-04-2024 09:02
240417-kzr7haca6x 1017-04-2024 09:02
240417-kzrkzaca6v 1017-04-2024 09:02
240417-kzqzfaae49 1017-04-2024 09:02
240417-kzqcxaae48 1017-04-2024 09:02
240417-kzprdaae46 1016-04-2024 14:04
240416-rdht9sdd9w 10Analysis
-
max time kernel
1196s -
max time network
1202s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
17-04-2024 09:02
General
-
Target
da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll
-
Size
30KB
-
MD5
b950169921d1437cef4a85778cd81636
-
SHA1
3d20b1c6f93029ab557819efd1f32afc25ac1e88
-
SHA256
da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c
-
SHA512
d0b87c1a119ba712c8b85fcb442286133320ec03df589276106987f2947ebbc603dfabaad7e2efbec4998067ef508f1c12bbc5a54502097665315a7b9ba9cf70
-
SSDEEP
768:Ugj98hSEzIOxO+OZWBaFWsBC7wU6LPLoEf73Wud9BdoJrZmZEMb+:Z0IOxO+OZWBGWsB+w93L39BdoD
Malware Config
Signatures
-
Blocklisted process makes network request 64 IoCs
-
Contacts a large (586) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination 3 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll,#12⤵
- Blocklisted process makes network request
-