Resubmissions

16/11/2024, 13:28 UTC

241116-qq11yaxejd 10

16/11/2024, 13:22 UTC

241116-ql9ghs1mcj 10

Analysis

  • max time kernel
    209s
  • max time network
    277s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/11/2024, 13:28 UTC

General

  • Target

    Plugins/Recovery.dll

  • Size

    309KB

  • MD5

    08131d6801c109f0764a4fe690aba8ef

  • SHA1

    e732af02326483700eda52ff40dc70cff6b7afcb

  • SHA256

    bc3a9390c043f8002e356ad34b2b11d3486682d0c275ab6729bb4a312e324f51

  • SHA512

    228ab0aa0ddfdb0c099f1db5112304d776cb97ab2dab376d38023e446cb2aec30d9585eba444818f3241ffbc28565a1aef11f97b5b42bf57037de8e4a8536e2a

  • SSDEEP

    6144:sb8xPy7+NKMDMAlcn38OxKl9x7qs9Pxcm0AUNy9rsxLaxHUX:sbBMDMVqfBdcmDBuX

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe (PID 1712)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Recovery.dll,#1
    Top-level process. The ",#1" argument tells rundll32 to call the DLL's export with ordinal 1 rather than a named export; if the DLL exposes other exports, this run exercised only that one entry point.

    Network

    • DNS 23.236.111.52.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 23.236.111.52.in-addr.arpa IN PTR
      Response: (empty)
    • DNS 226.162.46.104.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 226.162.46.104.in-addr.arpa IN PTR
      Response: (empty)
    • DNS ocsp.digicert.com
      Remote address: 8.8.8.8:53
      Request: ocsp.digicert.com IN A
      Response:
        ocsp.digicert.com IN CNAME ocsp.edge.digicert.com
        ocsp.edge.digicert.com IN CNAME fp2e7a.wpc.2be4.phicdn.net
        fp2e7a.wpc.2be4.phicdn.net IN CNAME fp2e7a.wpc.phicdn.net
        fp2e7a.wpc.phicdn.net IN A 192.229.221.95
    • DNS ctldl.windowsupdate.com
      Remote address: 8.8.8.8:53
      Request: ctldl.windowsupdate.com IN A
      Response:
        ctldl.windowsupdate.com IN CNAME ctldl.windowsupdate.com.delivery.microsoft.com
        ctldl.windowsupdate.com.delivery.microsoft.com IN CNAME wu-b-net.trafficmanager.net
        wu-b-net.trafficmanager.net IN CNAME bg.microsoft.map.fastly.net
        bg.microsoft.map.fastly.net IN A 199.232.214.172
        bg.microsoft.map.fastly.net IN A 199.232.210.172
    • Flow 8.8.8.8:53 (dns), first domain 23.236.111.52.in-addr.arpa: 277 B sent, 710 B received, 4 requests, 4 responses
      DNS Request: 23.236.111.52.in-addr.arpa
      DNS Request: 226.162.46.104.in-addr.arpa
      DNS Request: ocsp.digicert.com
      DNS Response: 192.229.221.95
      DNS Request: ctldl.windowsupdate.com
      DNS Response: 199.232.214.172, 199.232.210.172
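    The four lookups above are the only network activity in the run, so the question an analyst has to answer is whether any of them belong to the sample rather than to the Windows guest itself. The script below is an added example (not part of this report or of the sandbox) that takes the DNS records exactly as listed above, turns the two in-addr.arpa names back into the IPv4 addresses they reverse-resolve, and separates domains that match an assumed baseline of OS background traffic from anything that would deserve a closer look. The baseline suffix list is an assumption for illustration and should be replaced with one derived from your own clean runs.

```python
import re

# DNS records as listed in the report above: (query name, record type, answers).
REPORT_DNS = [
    ("23.236.111.52.in-addr.arpa", "PTR", []),
    ("226.162.46.104.in-addr.arpa", "PTR", []),
    ("ocsp.digicert.com", "A", ["192.229.221.95"]),
    ("ctldl.windowsupdate.com", "A", ["199.232.214.172", "199.232.210.172"]),
]

# Assumed baseline (not from the report): domain suffixes a clean Windows guest
# contacts on its own, e.g. certificate revocation checks and trust-list downloads.
# Derive the real list from empty-run baselines of your own sandbox image.
BASELINE_SUFFIXES = ("digicert.com", "windowsupdate.com", "microsoft.com")

_INADDR = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)


def ptr_to_ip(name):
    """Convert a reverse-lookup name d.c.b.a.in-addr.arpa back into the IPv4 address a.b.c.d.

    Returns None for anything that is not a valid IPv4 reverse name, so callers can
    tell PTR noise apart from forward lookups.
    """
    m = _INADDR.match(name)
    if not m:
        return None
    octets = [int(o) for o in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in reversed(octets))


def is_baseline(domain):
    """True when the domain equals, or is a subdomain of, one of the assumed-benign suffixes."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in BASELINE_SUFFIXES)


def triage_dns(records):
    """Split sandbox DNS records into three buckets.

    ptr_targets: IPv4 addresses the guest reverse-resolved (the OS annotating traffic it
                 already has; note that no connection to these addresses appears in the report).
    baseline:    forward lookups that match the assumed OS background suffixes.
    review:      everything else, i.e. the domains that may actually belong to the sample.
    """
    result = {"ptr_targets": [], "baseline": [], "review": []}
    for name, qtype, answers in records:
        ip = ptr_to_ip(name)
        if qtype == "PTR" and ip is not None:
            result["ptr_targets"].append(ip)
        elif is_baseline(name):
            result["baseline"].append((name, tuple(answers)))
        else:
            result["review"].append((name, tuple(answers)))
    return result


if __name__ == "__main__":
    for bucket, items in triage_dns(REPORT_DNS).items():
        print(f"{bucket}: {items}")
```

    Run against the records above, the script leaves the review bucket empty: the two PTR names resolve back to 52.111.236.23 and 104.46.162.226, and the OCSP and CTL lookups fall under the assumed baseline. That is consistent with the 1/10 score, but it says nothing about what export ordinal 1 of Recovery.dll actually did; a clean run of the same image, diffed against this one, is the check that confirms the traffic is the guest's and not the sample's.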

    MITRE ATT&CK Matrix
