Analysis
max time kernel: 1181s
max time network: 1197s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-10-2024 19:41
Behavioral task
behavioral1
Sample
LdrAddx64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
1200 seconds
Behavioral task
behavioral2
Sample
LdrAddx64.dll
Resource
win11-20240802-en
windows11-21h2-x64
2 signatures
1200 seconds
General
Target: LdrAddx64.dll
Size: 2.1MB
MD5: 90010f98335ee9e5a46dd1f2f54ab6ef
SHA1: 5886146225bef728847566c3af5b169a277b4338
SHA256: 4c2af6abed05ca2b5164ee2c3a999da829b65701fd879dffbc6b73f09209f187
SHA512: 3da2fad887882e6a6c0a12e79f42b59b3a580412fb9a6dc4c38819e89c5873caef136bb44593ab4b2ceb7e2653d96dbc70a16df965389d41feed79fde76a7852
SSDEEP: 49152:gGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaEAbK2V0rG:mavI5+qHxsgxeAgsrG
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (31 IoCs)
process: rundll32.exe (pid 4824), all 31 flows
flows: 32, 68, 75, 86, 89, 97, 100, 102, 109, 110, 111, 112, 113, 115, 122, 134, 136, 138, 140, 141, 143, 176, 191, 194, 202, 216, 218, 219, 220, 227, 239
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 99: api.ipify.org
flow 100: api.ipify.org
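The two signatures above can be reproduced as plain detection logic over network-flow records. The following is an added example, not part of the original report and not the sandbox vendor's code: it checks each flow for (a) a process that should not originate network traffic and (b) a destination that is a public IP-lookup service, and then reports the flows where both hold. The `Flow` record layout, the blocklist entries beyond rundll32.exe, the lookup hosts beyond api.ipify.org, and the sample flows (including the process assigned to flow 99, which the report does not state) are assumptions made for this example.

```python
"""Re-implementation of two sandbox signatures as checks over flow records.

Added example; not the report's own code. Record layout, the extra blocklist
entries, the extra lookup-service hosts and the sample flows are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Processes that should not originate network traffic on a normal endpoint.
# rundll32.exe is the one the report flags; the rest are an assumed extension
# of the same idea (other LOLBins commonly abused as loaders).
BLOCKLISTED_PROCESSES = frozenset({
    "rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe",
})

# Public "what is my IP" services. api.ipify.org appears in the report; the
# others are assumed additions of the same kind.
IP_LOOKUP_SERVICES = frozenset({
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
})


@dataclass(frozen=True)
class Flow:
    flow_id: int
    pid: int
    process: str
    host: str  # HTTP Host / TLS SNI seen on the flow; "" if not recorded


def blocklisted_process_requests(flows):
    """Return {process: [flow ids]} for flows originated by blocklisted processes."""
    hits = defaultdict(list)
    for f in flows:
        name = f.process.lower()
        if name in BLOCKLISTED_PROCESSES:
            hits[name].append(f.flow_id)
    return dict(hits)


def external_ip_lookups(flows):
    """Return [(flow id, host)] for flows to a known IP-lookup service.

    Matching is case-insensitive, ignores a trailing dot, and is suffix-based
    so a sub-domain of a listed service also matches.
    """
    hits = []
    for f in flows:
        host = f.host.lower().rstrip(".")
        if host and any(host == s or host.endswith("." + s) for s in IP_LOOKUP_SERVICES):
            hits.append((f.flow_id, host))
    return hits


def triage(flows):
    """Summarise both checks and single out flows that trigger both at once."""
    blocked = blocklisted_process_requests(flows)
    lookups = external_ip_lookups(flows)
    lookup_ids = {fid for fid, _ in lookups}
    # A blocklisted process asking for the host's external IP is the strongest
    # combination, so report those flow ids explicitly.
    overlap = sorted(fid for ids in blocked.values() for fid in ids if fid in lookup_ids)
    return {
        "blocklisted_process_requests": sum(len(v) for v in blocked.values()),
        "external_ip_lookups": len(lookups),
        "blocklisted_process_ip_lookup_flows": overlap,
    }


# Constructed sample, modelled on (not copied from) the report: a few of the
# rundll32.exe flows, the two api.ipify.org flows, and some benign traffic.
# The process behind flow 99 is an assumption; the report does not name it.
SAMPLE_FLOWS = [
    Flow(32, 4824, "rundll32.exe", ""),
    Flow(68, 4824, "rundll32.exe", ""),
    Flow(99, 1337, "powershell.exe", "api.ipify.org"),
    Flow(100, 4824, "rundll32.exe", "api.ipify.org"),
    Flow(102, 4824, "rundll32.exe", ""),
    Flow(150, 2000, "chrome.exe", "www.example.com"),
    Flow(151, 2000, "chrome.exe", "IPINFO.IO."),  # case and trailing dot normalised
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FLOWS).items():
        print(f"{key}: {value}")
```

On real telemetry the `Flow` records would come from the sandbox's PCAP or an EDR's network events; the blocklist check alone is noisy (rundll32.exe does have legitimate network uses), which is why the summary separates the flows where a blocklisted process is also the one performing the IP lookup.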