Overview

overview

7

Static

static

3

$RON9VYX.exe

windows7-x64

7

$RON9VYX.exe

windows10-2004-x64

4

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...id.dll

windows7-x64

3

$PLUGINSDI...id.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

1

$R0.dll

windows10-2004-x64

1

$R2/NSIS.L...0_.exe

windows7-x64

1

$R2/NSIS.L...0_.exe

windows10-2004-x64

1

GPL.html

windows7-x64

1

GPL.html

windows10-2004-x64

1

filezilla.exe

windows7-x64

7

filezilla.exe

windows10-2004-x64

7

fzputtygen.exe

windows7-x64

1

fzputtygen.exe

windows10-2004-x64

1

fzsftp.exe

windows7-x64

1

fzsftp.exe

windows10-2004-x64

1

fzstorj.exe

windows7-x64

1

fzstorj.exe

windows10-2004-x64

1

libfilezilla-43.dll

windows7-x64

1

libfilezilla-43.dll

windows10-2004-x64

1

libfzclien...-0.dll

windows7-x64

1

libfzclien...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libfilezilla-43.dll

  • Size

    937KB

  • MD5

    85bd74a17c53eec4cd39fc4fadadc3c6

  • SHA1

    1f5e48cada5a99b1a0d4364e4091489d4504c606

  • SHA256

    bdc1ea011a343b36b19411cbab592936432ecec8f0d91ec6f74e10f4f10ddb09

  • SHA512

    27b4668cad4a30a25f22ac57d35e91609ccf1558a499292ea7637a4829228a9f2a01f918e082a50680a5d4d158e25deb3eca7b1dbc20d1ca6dfeddd418bc14b5

  • SSDEEP

    12288:0pmXs0Uq6WoUwjfW/BNaYRGKfhEmrsF1q1t7owYaDC09XymDtQeYS8:04fT1GfW/HaYopmY0imDtQeYS8

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\libfilezilla-43.dll,#1
    1⤵
      PID:1688

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1688-4-0x00007FFE392E0000-0x00007FFE39301000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1688-6-0x00007FFE240D0000-0x00007FFE242B7000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1688-5-0x00007FFE242C0000-0x00007FFE244D3000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1688-3-0x00007FFE334D0000-0x00007FFE33574000-memory.dmp

      Filesize

      656KB

      Download

    • memory/1688-2-0x00007FFE33700000-0x00007FFE33755000-memory.dmp

      Filesize

      340KB

      Download

    • memory/1688-1-0x00007FFE37090000-0x00007FFE370D9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/1688-0-0x00007FFE337A0000-0x00007FFE3388F000-memory.dmp

      Filesize

      956KB

      Download