Overview
overview
8Static
static
30_russia_u...le.cmd
windows7-x64
80_russia_u...le.cmd
windows10-2004-x64
81_russia_b...st.cmd
windows7-x64
11_russia_b...st.cmd
windows10-2004-x64
11_russia_b...ir.cmd
windows7-x64
11_russia_b...ir.cmd
windows10-2004-x64
12_any_country.cmd
windows7-x64
12_any_country.cmd
windows10-2004-x64
12_any_coun...ir.cmd
windows7-x64
12_any_coun...ir.cmd
windows10-2004-x64
1Youtube1.cmd
windows7-x64
1Youtube1.cmd
windows10-2004-x64
1Youtube2.cmd
windows7-x64
1Youtube2.cmd
windows10-2004-x64
1service_in...st.cmd
windows7-x64
1service_in...st.cmd
windows10-2004-x64
1service_in...ir.cmd
windows7-x64
1service_in...ir.cmd
windows10-2004-x64
1service_remove.cmd
windows7-x64
1service_remove.cmd
windows10-2004-x64
1x86/WinDivert.dll
windows7-x64
3x86/WinDivert.dll
windows10-2004-x64
3x86/WinDivert32.sys
windows7-x64
1x86/WinDivert32.sys
windows10-2004-x64
1x86/WinDivert64.sys
windows7-x64
1x86/WinDivert64.sys
windows10-2004-x64
1x86/goodbyedpi.exe
windows7-x64
1x86/goodbyedpi.exe
windows10-2004-x64
3x86_64/WinDivert.dll
windows7-x64
1x86_64/WinDivert.dll
windows10-2004-x64
1x86_64/Win...64.sys
windows7-x64
1x86_64/Win...64.sys
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
11-08-2024 05:33
Static task
static1
Behavioral task
behavioral1
Sample
0_russia_update_blacklist_file.cmd
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
0_russia_update_blacklist_file.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
1_russia_blacklist.cmd
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
1_russia_blacklist.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
1_russia_blacklist_dnsredir.cmd
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
1_russia_blacklist_dnsredir.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
2_any_country.cmd
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
2_any_country.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
2_any_country_dnsredir.cmd
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
2_any_country_dnsredir.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Youtube1.cmd
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
Youtube1.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Youtube2.cmd
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
Youtube2.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
service_install_russia_blacklist.cmd
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
service_install_russia_blacklist.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
service_install_russia_blacklist_dnsredir.cmd
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
service_install_russia_blacklist_dnsredir.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
service_remove.cmd
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
service_remove.cmd
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
x86/WinDivert.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
x86/WinDivert.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
x86/WinDivert32.sys
Resource
win7-20240705-en
Behavioral task
behavioral24
Sample
x86/WinDivert32.sys
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
x86/WinDivert64.sys
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
x86/WinDivert64.sys
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
x86/goodbyedpi.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
x86/goodbyedpi.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
x86_64/WinDivert.dll
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
x86_64/WinDivert.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
x86_64/WinDivert64.sys
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
x86_64/WinDivert64.sys
Resource
win10v2004-20240802-en
General
-
Target
2_any_country_dnsredir.cmd
-
Size
291B
-
MD5
48de91946fd423515b182a622842adc5
-
SHA1
4519a0bc87a0e0838f003d3e4e4904d5721abad7
-
SHA256
a7762f252e434134245adee7398eabc7b96e4e83ee408ce63cc3f92b942c4b6b
-
SHA512
43ef99d5f0ed8725cfad206d6d3bd0d393258872882f3c2fd8f974703dfb418652f9f1adae5b6e9ab769cf9a46192655c795c4ebc0adf4cd6a1b4e7cd20db745
Malware Config
Signatures
-
Suspicious behavior: LoadsDriver 1 IoCs
Processes:
pid process 472 -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid process target process PID 2728 wrote to memory of 2644 2728 cmd.exe goodbyedpi.exe PID 2728 wrote to memory of 2644 2728 cmd.exe goodbyedpi.exe PID 2728 wrote to memory of 2644 2728 cmd.exe goodbyedpi.exe
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2_any_country_dnsredir.cmd"1⤵
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Users\Admin\AppData\Local\Temp\x86_64\goodbyedpi.exegoodbyedpi.exe -5 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 12532⤵PID:2644