Analysis Overview
SHA256
b6d7e579a24efc09c2dba13ca90622790866e017a3311c1809c5041e91b7a930
Threat Level: Known bad
The file Challenge_1.dll was found to be: Known bad.
Malicious Activity Summary
Jupyter Backdoor/Client payload
Jupyter family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-09-26 09:12
Signatures
Jupyter Backdoor/Client payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Jupyter family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-26 09:12
Reported
2024-09-26 09:15
Platform
win7-20240704-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Challenge_1.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-26 09:12
Reported
2024-09-26 09:15
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Challenge_1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |