Analysis
max time kernel: 1189s
max time network: 1191s
platform: windows11-21h2_x64
resource: win11-20241007-en
submitted: 11-10-2024 01:59
Behavioral task: behavioral1
Sample: LdrAddx64.dll
Resource: win10v2004-20241007-en (windows10-2004-x64)
Signatures: 1
Duration: 1200 seconds

Behavioral task: behavioral2
Sample: LdrAddx64.dll
Resource: win11-20241007-en (windows11-21h2-x64)
Signatures: 2
Duration: 1200 seconds
General
Target: LdrAddx64.dll
Size: 2.1MB
MD5: 637e0ef5d12fd38122ea517dc57854f3
SHA1: 169c40bbfa251680af68dbac9dbbca5bfdd60d61
SHA256: a20d56ab2e53b3a599af9904f163bb2e1b2bb7f2c98432519e1fbe87c3867e66
SHA512: c82f9087dae66a87adf0dbca6834854bb21f15252cc6f571b595895d07f8ce368832bfd380df51c2f4fd07287a7ade0a81b5636a1e72e2ac18ed2dc66f51262d
SSDEEP: 49152:bGgJ3vE7rwsY5+a+h1cHkUnl/u9Zx/PgxeAaE+bK2i4rG:NavI5+qHxsgxeAenrG
Score: 8/10
Malware Config
Signatures
-
Blocklisted process makes network request (47 IoCs)
rundll32.exe is on the sandbox's list of processes that are not expected to make their own network requests. All 47 flagged flows belong to the same process, so the table collapses to one row:
flow: 2, 4, 5, 6, 7, 9, 10, 11, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 57, 58, 60
pid: 3972
Process: rundll32.exe
-
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 3: api.ipify.org
flow 34: api.ipify.org
Flow 34 also appears in the rundll32.exe flow list above; flow 3 is not attributed to a process in this report.
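The two signatures above (a signed Windows binary making outbound requests, and a DNS lookup of an external-IP web service) are easy to turn into host-side detection logic. The following is an added example written for this page; it is not code from the sandbox vendor or from the sample. It assumes Sysmon-style events (Event ID 3 = network connection, Event ID 22 = DNS query) exported as JSON lines; the field names follow Sysmon's, but the sample records, the PID, and the TEST-NET-3 destination addresses are constructed for the example, and the list of IP-lookup hosts beyond api.ipify.org is an assumed addition.

```python
"""Detect the two behaviours flagged in the sandbox report above:
a signed Windows binary (rundll32.exe) making outbound network requests,
and a DNS lookup of an external-IP web service (api.ipify.org).

Input is constructed to resemble Sysmon events (ID 3 = network connection,
ID 22 = DNS query) exported as JSON lines. Field names follow Sysmon's;
the sample records below are made up for this example.
"""
import json
from ipaddress import ip_address, ip_network

# api.ipify.org is the service seen in the report; the other hosts are
# assumed additions of services commonly used for the same purpose.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "ifconfig.me", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com",
}

# Signed Microsoft binaries that are frequently abused to host or launch
# payloads and rarely need to talk to the internet on their own.
SUSPECT_IMAGES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "msiexec.exe"}

# Only RFC 1918 / loopback / link-local ranges are treated as internal, so the
# TEST-NET addresses in the constructed sample count as external.
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def is_external(ip: str) -> bool:
    """True for a syntactically valid address outside INTERNAL_NETS."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def is_ip_lookup_host(name: str) -> bool:
    """Match the host itself or any subdomain of it, case-insensitively."""
    name = name.lower().rstrip(".")
    return name in IP_LOOKUP_HOSTS or any(name.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def load_events(text: str) -> list:
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze(events: list) -> list:
    """Return one finding per external-IP lookup and one per (pid, image)
    pair from a suspect image that opened outbound external connections."""
    findings = []
    outbound = {}
    for ev in events:
        image = str(ev.get("Image", "")).rsplit("\\", 1)[-1].lower()
        pid = ev.get("ProcessId")
        if ev.get("EventID") == 22:
            qname = str(ev.get("QueryName", ""))
            if is_ip_lookup_host(qname):
                findings.append({"rule": "external_ip_lookup", "pid": pid,
                                 "image": image, "ioc": qname.lower()})
        elif ev.get("EventID") == 3 and str(ev.get("Initiated")).lower() == "true":
            dest = str(ev.get("DestinationIp", ""))
            if image in SUSPECT_IMAGES and is_external(dest):
                outbound.setdefault((pid, image), []).append(dest)
    for (pid, image), dests in outbound.items():
        findings.append({"rule": "lolbin_network_request", "pid": pid,
                         "image": image, "count": len(dests),
                         "ioc": sorted(set(dests))})
    return findings


# Constructed sample: PID 3972 mirrors the report, addresses are TEST-NET-3.
SAMPLE_LOG = r"""
{"EventID": 22, "ProcessId": 3972, "Image": "C:\\Windows\\System32\\rundll32.exe", "QueryName": "api.ipify.org"}
{"EventID": 3, "ProcessId": 3972, "Image": "C:\\Windows\\System32\\rundll32.exe", "Initiated": true, "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"EventID": 3, "ProcessId": 3972, "Image": "C:\\Windows\\System32\\rundll32.exe", "Initiated": true, "DestinationIp": "203.0.113.22", "DestinationPort": 80}
{"EventID": 3, "ProcessId": 3972, "Image": "C:\\Windows\\System32\\rundll32.exe", "Initiated": true, "DestinationIp": "192.168.1.20", "DestinationPort": 445}
{"EventID": 3, "ProcessId": 4100, "Image": "C:\\Program Files\\Browser\\browser.exe", "Initiated": true, "DestinationIp": "203.0.113.50", "DestinationPort": 443}
{"EventID": 22, "ProcessId": 4100, "Image": "C:\\Program Files\\Browser\\browser.exe", "QueryName": "example.com"}
"""


def demo() -> list:
    """Run the two rules over the constructed sample."""
    return analyze(load_events(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against the constructed sample, `demo()` yields exactly two findings: the api.ipify.org lookup by PID 3972, and one aggregated `lolbin_network_request` for rundll32.exe with the two external destinations (the SMB connection to 192.168.1.20 and the browser's traffic are ignored). On real telemetry, tune SUSPECT_IMAGES to the environment; rundll32.exe does legitimately reach the network in some software deployments, so the value of the rule comes from pairing it with the parent process and the DLL path on the command line.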