Analysis
-
max time kernel
1172s -
max time network
1194s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted
04-10-2024 19:41
Behavioral task
behavioral1
Sample
LdrAddx64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
1200 seconds
Behavioral task
behavioral2
Sample
LdrAddx64.dll
Resource
win11-20240802-en
windows11-21h2-x64
2 signatures
1200 seconds
General
-
Target
LdrAddx64.dll
-
Size
2.1MB
-
MD5
90010f98335ee9e5a46dd1f2f54ab6ef
-
SHA1
5886146225bef728847566c3af5b169a277b4338
-
SHA256
4c2af6abed05ca2b5164ee2c3a999da829b65701fd879dffbc6b73f09209f187
-
SHA512
3da2fad887882e6a6c0a12e79f42b59b3a580412fb9a6dc4c38819e89c5873caef136bb44593ab4b2ceb7e2653d96dbc70a16df965389d41feed79fde76a7852
-
SSDEEP
49152:gGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaEAbK2V0rG:mavI5+qHxsgxeAgsrG
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 33 IoCs
flow  pid   Process
3     3004  rundll32.exe
4     3004  rundll32.exe
5     3004  rundll32.exe
8     3004  rundll32.exe
9     3004  rundll32.exe
10    3004  rundll32.exe
11    3004  rundll32.exe
13    3004  rundll32.exe
16    3004  rundll32.exe
18    3004  rundll32.exe
21    3004  rundll32.exe
32    3004  rundll32.exe
40    3004  rundll32.exe
42    3004  rundll32.exe
43    3004  rundll32.exe
44    3004  rundll32.exe
46    3004  rundll32.exe
47    3004  rundll32.exe
48    3004  rundll32.exe
49    3004  rundll32.exe
50    3004  rundll32.exe
51    3004  rundll32.exe
53    3004  rundll32.exe
55    3004  rundll32.exe
56    3004  rundll32.exe
57    3004  rundll32.exe
58    3004  rundll32.exe
59    3004  rundll32.exe
60    3004  rundll32.exe
61    3004  rundll32.exe
62    3004  rundll32.exe
63    3004  rundll32.exe
64    3004  rundll32.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
2     api.ipify.org
11    api.ipify.org