Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-11-2024 02:50
General
-
Target
f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll
-
Size
421KB
-
MD5
1cda976305183864d4bd0e9fef64038c
-
SHA1
fb2f7fdb705a1ab6db62d0889ca6012a0f7ace38
-
SHA256
f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0
-
SHA512
73684e398359db57f040d5fcec2afd60700aaa02f305ef610f02613ca8df0e2b215a9ae2f9880ef5a44629089b823664fb8bd01dbf17938154d82bb574d6acab
-
SSDEEP
6144:5F/pG4LWq/IkJakr3xrbKgxXZ0UnrQ6O6agZCPUgidwvRC4Kmnc:5zPWJKakNrbKSmb69ZNPUnfnc
Malware Config
Signatures
-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Detects Floxif payload 1 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 5 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 7 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 52 IoCs
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD57d293d58b55e599e77c89d9bfbd44c05
SHA1a56045033493fbd8a9ae7d5a4e48143061096fc9
SHA256dc96070f103c7a64984eca6c16b5f57b3ffece6b92badde074dd3be61da0ded7
SHA512f6b13a3f0d0d843b900efb39e1728e8515665f980df28b2b5859d2d8b380dcf5d9b20ac09fa54f2e22aa54d8491b44ad06b145d789dab2cccd6d94fb9057a304
-
Filesize
342B
MD5198f06956180270de0e5ece3496c42a2
SHA11411ee4e5e71343d01f950d2e74afa062dd83432
SHA2564ea63d58bda804f7fb8296b201a28360fb4a52c8d32f96b998483068f19eb05c
SHA512b0541f4def92d7d94db4b046250532e7aabb09417022b0bac262168d31365a2d8b68542a151f7e99f2201ebc2911399bab734bb08d6d3198c5be5c8a2acea509
-
Filesize
342B
MD5ee061e967b5473d169b490603e47b42a
SHA1a46342dd9767899f37afc0b7816005b5bf665b8d
SHA256d8f32fbb51fc89679b5972f72c932f223bbee52d95f5a89c703b5a2d32feae8b
SHA512885714e5046684b1e8e9aaba94274434109aa4bab233065f75ffb0cb2a0e5748864748aaeeb216c96688dedca729ed85c0109274a4be081faf83090309c7b72e
-
Filesize
342B
MD548755d6d280fe962223cfcfeaa6306c3
SHA1900c09e4f58bea4ad4a2368d37a28d5556df0e3b
SHA25646690ce1ec1894b7f705e017dff234290ee5863113e9b3c789848dd6000d9a3a
SHA5122459e0569fec805a93f503a2c1af1db3e6988c0bf7c9e2fd46db6b53727480f4b4626087514b8b07ba50248624dcbb3e5faef1e53a1a7aea7fae51b035cb878e
-
Filesize
342B
MD5af1b1196e9ce24693576f7753a0666a7
SHA1f0f547080a1753998da9646f90fad6bc99c21173
SHA25672e84e29b07a63ac62bb985ccca0be56210a15a26421fd47f24a2a8d2d01b385
SHA512bb311b2fcff5269353a0511ced13fa81a7bdc39496cb27b9b2a6de901c48fd4b7a1c4446087260b2aa99f78a972c18b68c802fd175a964f9a0e5bd6f9e6c57cb
-
Filesize
342B
MD5cbb8addce38fd1df4bfde63088e48692
SHA122bb4b425d5f0b84c4fb9482189cad0baeb5d801
SHA2562804af2913b6e3e47fe2453003b4755bf3157bfb97f1f3bc7c34ff1a33c862bc
SHA512bdc13efdb768afb78eefea66ac7784c5341b9572990ec13efd2b91e44259f772d1f5d5ed2606c0ae8abd2f8daa1c219a34d5b0f4b0b450769942af7c19d0c673
-
Filesize
342B
MD520f6036915ae48ca8b0cc277ce183536
SHA116f61630f86007d2550319a7ab5f40bb5b8dbc89
SHA256f17a0077f4398c09ca5819009062fa725569f4e5209d8e2b236e18905f25bc6a
SHA512b06d72aff97389bd5aecbb5fcb562713d4d59600efe36bdf2243433e2bc3c4ed27f10c8e6bf2ebf8c8765a6ba973fb4535de63fa98d127824495f51e224613c6
-
Filesize
342B
MD55a5b7c207afc8506fd87b7f632d548d4
SHA1684a9d810e2c3c1f09018f80c3fc6759f032abed
SHA256f2de7b6ca183cdbef4854cb0d8fd279e9c9314db8c76a6a04bd9b2b80ef92184
SHA51258492a41fb088769814ec1fa4f9ecdf93615cdf777e9c267f18e71e7aa5ba6034698c84091c81328ff376230d460f2a4ab5b15561250da4346666d8621d405f8
-
Filesize
342B
MD53e66627d0c6a6fd419522bd4c87e6f73
SHA1eeaae1c08c633f32dd11a72b4f46ad422b0e1a3d
SHA2560641258184edc84d903b9c6361fc2bee32b83175b838791f1782182187b47705
SHA512b38da0a98401f86e7d5077765d959fc6c3e1557169954b765485a7b991512dbd9efacc5ad77845a3932097ab6381a14c2b65704dc899c4052491fe0469878032
-
Filesize
342B
MD5ddc65bb487ac64582d8e90a19e82a2cc
SHA1f4c79ea6887ad640577d19fa2f5f70726cb9898f
SHA256e3020e1d87b2133dc971d27f9f07668aa5fe4ab788b7cfb7c1cca9bbad235fb2
SHA512f4fc4dafec75b0cc3d44f944a5cefee370798accbbb5701eac44b5ec21c64126e613d55e71beff787eda060bd21626dd0861a5b44a183adbcf54165bcc54e455
-
Filesize
342B
MD544ece2605177a6787182f22520880eff
SHA10ccfe020fc22db913f7fd03c314e3c88f9631c4f
SHA256d91876ac51c70b628d247e202b8ec363e19e27a4f6263884a2f776fc28e10cd2
SHA51295cfb28ccdb9f45b3c8553b5f9e95f2eec35be0e310279672f36b4ea869c7f3b4656435d340ab19e8a8b3b177300fed1f351c31ac543ee4754aacff824c7b007
-
Filesize
342B
MD5eb0319d95cfa092161b08afac9017bea
SHA1a4f8ffcd15119fd1900b38460d08d7936c2902d6
SHA256aa1cb154616d52f7524bede036171e0325f7cbeba10518335fb2021974ae36d9
SHA512fb7002a376cd225b7a338a131e15c04db29df34827e460bcc5537ad124b901fc5ce85e4bd94a84ae4598480a482288d82e4f11e2ae7417973d5c5646d92d67a8
-
Filesize
342B
MD50fa99e860fc6444b57c4c2c7778ddaa7
SHA1c300541bfd02cc9286c910968349501e71a8f43f
SHA25681f99c81ad1a5c7630c1e9e75e5db17f434bb3ff6b5078a8b90c39d82d32d0f1
SHA512ce1884002264ca98a5e4875ace1b1f0740e176c6de4badd3a4dea4a71a6d9a7095c94f28784659eab46e6b103d1ad7935c7dc3952cbf51d5ba15d6fe9b40909f
-
Filesize
342B
MD5952b545ee3a64a05d509f27428f9e981
SHA1b4eb01df867a0503eebf9b7466b7a04f27ff8908
SHA256fc9caa570cc1684e981b536896a7950ed1d57d8ef24e0fb71908b1d864d7a67c
SHA5128b3bc7c6d5851267b70c71389c91307fbf632bf196d2ed13e659e9e8e1e0d987343594b787c58d086514b8f12436522481c5ffa0a538db52e14c99bfe288fb19
-
Filesize
342B
MD5b1fa63350a7718bc373edee874d4268a
SHA1d5a84ec9355a93b746a2b5c9e0fb035b71668554
SHA2562a51705fc4970bd792a46f5bf5315a547691bf391eb740a154b3166b30e9b1fc
SHA5126a0fce4451cd46d04a62809f3e7766eb7c4700f252b373f30efc532b46da47fd8bcad27b16cf2da0f8cf84f5cc079604028dc9fcb17166dc6137c5c09a5f8d64
-
Filesize
342B
MD5aab3035ff9d3bab7354fe9cb8055d930
SHA1dea9724ab206656881ea9c377a2db410d35e1a17
SHA256869251e909eb6659eb3aacb48a86a92b9b6915a606f55d25818b472c18bab096
SHA51283c160a83c798879252a22fc0b81bae8c82deb467fc6aaf05b504561ec500b782d98a50e4675157e60d9a67f8a80d07232d5e362d071492294ad7e3472a4e476
-
Filesize
342B
MD51fda909cea25f36c8197ff9ce0330e79
SHA1c4dce566a57689bafa037b27e175740a60fb2b10
SHA2565d49c86490d58d99c4a2d50a43b2e7df29f8bde5afdbd8f6884c2dfe73de9180
SHA51236a2267bb8af85f414907bf53e01b66130c542ff2eb68d8bd538c1beadd9af1db3f9192874b9c2f5fb07faf75475423ff7086dce80d50c67e17543b0746ffe6a
-
Filesize
342B
MD5dfcf2177d1fdf75595daee3f601ade27
SHA1a9fd57d2412fe15e3ca6c3a7b94541d10c2b673e
SHA256ee1091d80692dff4c46e5aabd8c547172d00bdd783416b2c4f31d42361ec8e4c
SHA5125986ca1648b96de12d3d0f1b97b2ffed069edbfa0c00039c159d319d3c53b2ff43d312cc70a5f89f8166e93ff124c86922fe7ba5fc70753e0a2786f7370f9f21
-
Filesize
342B
MD575f302ae47fc6bc43c0a24e7fd8053c3
SHA1bec5bccbfc08b31e1443fe29377b50a9fb198394
SHA2566a74a7f502f49a9813ea650d34b5b6b909fb93429f6dcff71f2a4b8c0c62eb9a
SHA51201cb87ead81db93b5ed8f2f219b9af542b52154ff3aa5c781131f48dc84847f4aab01fca57c453db41b94db4ae219c1b33ff53d133b70080d5ec52d7f40db91a
-
Filesize
5KB
MD5fe4cebc60cf65edbb788083bec39b4f4
SHA16e7f1c08f157b44f38d5518c7b6e16825c0c5ba6
SHA2561c3d438ed9234e94ad4d9168ab6c62ed1c68d0bea47669f1ae516c463592cb07
SHA51231326cd87e7c7f71c54b7fa7ed451a66b1cc14cbfbdf397bd7b67f77865fb789651735bb4b16799b0858bf6b51abd03cd505e7793acf7fc49a47edc2f74cb37f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
313KB
MD59e24c9ea67e9ff4ffbb75042e5af9cb8
SHA1714d2c5145b1e7450d0f7f964d1dcdfc09235a08
SHA256ed9e11ef2177ecb71cf816227cc49c1646215990f69591a446a26de7eb656019
SHA5125c44001c4a68b84e1a0a4004e20b637b91dccc865f3afa19d4073f8581bb5593d174b5a107eb1cfa51e55c3daa80ce255ee8e953c11eeab094b7f4ead1030375
-
Filesize
340KB
MD53923fb85ef1695f984355cef4f9a1571
SHA131fe82fdc451a6978e8b5af2bc650b67faea9d10
SHA2569295604d2656cc2a68c823a3b69039ec52ea275a669e5f14e9bf715262e4c8f8
SHA512b4ada0a1afc07e5ce99f9ae69c32ae11a1be35092da2dedc64f9f286e32af74a653ecbc97b33c50820cfb93c719e52310d087eb5b744be647435cde5c625599b
-
Filesize
67KB
MD57574cf2c64f35161ab1292e2f532aabf
SHA114ba3fa927a06224dfe587014299e834def4644f
SHA256de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA5124db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab
-
Filesize
177KB
MD55c65d0f7ed0cf850e4e9cc219233d133
SHA1093b25fe1598dbce3c9cb3aaf7da89f9e6fa321c
SHA256c25c2eaf1dd5165bf46a36d9420d7fe718cb866831b91f22f55561fed08c7f4a
SHA5122d404c860e037bc7b7e400ff2369de91599f15780d82364f119b356706aa3140499816c00a2bf99ba443206788ab0da527b16c3057372f803c5c112c2eae5d74
-
Filesize
4KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
364KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
364KB
-
Filesize
436KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
436KB