Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
20-11-2024 02:54
General
-
Target
f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll
-
Size
421KB
-
MD5
1cda976305183864d4bd0e9fef64038c
-
SHA1
fb2f7fdb705a1ab6db62d0889ca6012a0f7ace38
-
SHA256
f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0
-
SHA512
73684e398359db57f040d5fcec2afd60700aaa02f305ef610f02613ca8df0e2b215a9ae2f9880ef5a44629089b823664fb8bd01dbf17938154d82bb574d6acab
-
SSDEEP
6144:5F/pG4LWq/IkJakr3xrbKgxXZ0UnrQ6O6agZCPUgidwvRC4Kmnc:5zPWJKakNrbKSmb69ZNPUnfnc
Malware Config
Signatures
-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Detects Floxif payload 1 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 9 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 7 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 52 IoCs
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d65b594c69bf7157a7a7900b4410032fd89e782186b8f001640412aeffcde0.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:25⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:25⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5e66e478da9030d5f389a3ccdd7472df3
SHA1195784100dd5b4ceaaf8a3158c0c2ac13296bfc5
SHA25613357bb0ecd3ae14332dd8590ae41c787b9f6e68d9b7199cd76b7a68e84bce73
SHA512446bb0bd7d7cd88649666b88092eac304f8c2b0704cc8e8a748368e43b919755b6fe7c5bb4f2573f77ac2e8d6f93f8e6bf18122168cc8e6e425cb6e77bc82e3a
-
Filesize
342B
MD552a9fd48a5ed54dc8cf54785d815f3e1
SHA16b7177ae99281ba5db1ca584a2ce01161176f14e
SHA256ecfb4a16e9ae3976536ff82b395910ec6a4addd03b75b6cafbbad70f0ecb23ce
SHA512550551bfb8a489fdcbf45a090fa5db4560c0c7036a277a440fa46e1a1a1c6b6c363e9b7b8bd7e5536ec74679b1a2ab3fd13356a4159e8b80cd62c5863a6f5ef1
-
Filesize
342B
MD513b51f075d6d85606ca6dbe4450c0ca9
SHA1ed581da7dcc39754b6bada1bce9c2218fafe9625
SHA256961435476831c7dbc3bd9354528ba33e60a9de8784247fefb0f638100a8a6a2f
SHA512e8c96740a3af70455fcffe082ed5737a21be6a393c8a4db712063a609fa47a5c05548129158bfca4c6c29f79b91f776afa3fed1812c1f764402da28a43ba4c1c
-
Filesize
342B
MD5ca322f5e6532eb7dc2348ec17275ae61
SHA12fcd8ce498f175e76ba158c2fa5747e5b225c985
SHA25604cc0db1910bdc1af08f8c8ae259f056f9cf8aa366e331cc1f87e63a837c3560
SHA5123e6193c41107fbaf7a97380b773c1b0de0fb4b2657d7fc1224f9b3f66ee65398ff78c5bc524a2c129a4ca159a34b637b92cd1da71ef38f1e016f7ab45c70300e
-
Filesize
342B
MD52c86d73007f0972df8bedf2c36686c18
SHA118c78027f39cfda75a3ba79e5690b97c9776324f
SHA256e3fd97d2c5ecc9f30115e29e097b1954c20e7d0374787a6348bbb4a14694c178
SHA5124cbd46cb04aa4fad5b68d3c973cbc881d5b88bc169339e960a0749733f41a8f65ad93f32b54030db4a34e77eb97b5ef32c35eaf75bb48a690b1f432f7d8ceacc
-
Filesize
342B
MD53b829612d29451b4bb62bc374f44f30b
SHA1c3cd947f7dda8081d2d29694318ce464cf7bc6dc
SHA256ee9fac896c645a5944262f4d41461102e0c00c41a20713d3669744d88dd48e0a
SHA5120781a95afa2abe3807839a11ef8ee7ccdb69f44152af52431526788a2ded9811d557899c3dc1e523ef5aa5b4cb06dc59e084efc2169316b5ec000cd690116da7
-
Filesize
342B
MD5974214b57b1ae39c0d170f7b4153f13f
SHA1641b1d4d9eadfe5cb34c36bd0e0eeab3f2b88150
SHA25695165178b17391bdf3e263e228a6f074fb6ea6f992ba1ee4114964f0ffbc7753
SHA5127eb41320c1022c88e093e8efed1218897da97e2532972d76fc4af651439ebc7e0d383e6f9321a58acbcb0bb50818f475617432757946f9dc5c010e1c1b4c1829
-
Filesize
342B
MD53c8ae31664b23968ccde57fd5ea46c59
SHA139b56e822f55507e75f48d60fed7436fda619108
SHA2566f8551af285ca5980b16d876c8dccd45a82ff7285246f57510ca82c1696635aa
SHA5127d37d12811c46ec9d113bfe1d1e77a9d97a3b04363a30a9f8fd1a71f20cca9b657a94e28694c9a2b3fa8383b3f5d9ae57ca54b1cdaca94a338c709f2869c205e
-
Filesize
342B
MD5dd9ecb67870c4ed53da33e104cdf9a6c
SHA16ec3f7b841bec8a5080bf6c6f7aa20b7fa0577d7
SHA25699c4f0c3acd12e19c7007d89851cc0635ff495043cb51f059b7fa1835a08f47e
SHA5122bf06f6f02b4456dcc9d3f092ae9c25f8ad22e79552d079e5234e808bd68f4f71ea88893d30d9c8e6e454bf99072e5e56804f9052745521ad3ce419037969a16
-
Filesize
342B
MD59ea0dfc324902cdbf1511114c57e3bb8
SHA12447261dc935517b6af61e4857fda35a3395f413
SHA256b5b2dab9c78ea99aad529fa93669010876ef5c9991a4ad1389962760fd6c0962
SHA5129b81943fadd78e7cbe6f0751de5cd51e525be142418c9349a23aa909fe76d619067cb62e9f65a487114633f68d847c8d721aaa4312a02c5c972f2e9a8e216475
-
Filesize
342B
MD50631b93124f764d62fea495b6292c4c1
SHA16022046b5b55d30cff02be3cebc2d21410b03c2a
SHA256e106de1e4df32fbb6e540181b8027ce028a29593ee354e32232954e3f6a45597
SHA51208558ee2870d339df17623966c3df7b54cd14c10e2e16beb3455770a9cc5efb12565b09e00960d88192b489e57623cd4d83937ad7d0d10a5890e1bfa744545a7
-
Filesize
342B
MD5ea30e8fd896104b95d3850fbe10f2f94
SHA10a2177b5be4600d28af37e6a40d3460da14a32bf
SHA25662aa6b5656e1afd0121e2a40094dbc6818faa6e56467c1d67a9faa35ebeb3890
SHA512e08f5c44d197ee531bdba1130c3cfcfa0e21bfea366377def5e7a94e5c99772435f14b7ccbce84236c68cd72b1e09e2f93da4ee15c09cf6dcaa1e278fb0c7b81
-
Filesize
342B
MD525d29302c3ffc8eeb17e2512b277827b
SHA17c2b727915a08151d124aa9fd20c26c5fa9eb2c3
SHA25601ed8e223ebfe0f6be76e61bf2909582081f206d607cc2c82449d813543ae718
SHA51282188694064847e3c8ede66cf4769a2b892e02bc9d4e9a29c28c71a6b6522fd4ecaec19333472b52ec0308162255df76e30f21ea69c2aa97474e2bc752405a59
-
Filesize
342B
MD5a9920ca2acb2a029ebe95eec0b8af8b8
SHA1883481463e56a446cf019aed82eb4cf90ccf46fc
SHA2569bfcb3e93e88f302dc6126ddc903a600c786b81c7542cd0b419b0425b0f9d7ae
SHA512a1bbe3c08f93aa3ca9ebfeff6a09cfa0c2de91b4d7e269b1ee8f69c0937a526df10765b28e09d948c16687c6a5057bfc090de6358a9b0a9a351f8e821f25231c
-
Filesize
342B
MD5708c8bf816a12e570c8526af492f6e90
SHA18943e74b5b954633d7f7eee768e079a909fb8744
SHA256dfed04c2bab9da8e12fe99860ef2b4035e602cbedb6678e02189e62c51f429c0
SHA512c76434d3c00b28a306d93b3e408653f5d453dfed14d8a1eac9665414d2aa51733bd43a8750851077d7c6fa067308e3ee193fb25aee7c3cd16436010dd3cf96f6
-
Filesize
342B
MD50d43a30ca0e0c61b963c8f3ea0c225bc
SHA102c3bd0b57d686f1487f1179d831be77b16e4628
SHA2569082701a9782c6ceeb2924b608d91b345e20b16cf0a93486bf23c38ec10e3dca
SHA512991f944705bff9099972ab27b85f2c29804b4e58985641f0054f046c4ad92f315b7bdce66150d176ada2b646c092a8b45ce939014e179ec548ddd346895ac31b
-
Filesize
342B
MD5d4b86bc36641cdd6bbffa0beb1b5ebdb
SHA10aa43d36337ce51963e8d7145e8538d063133c38
SHA25604aefc77690466106cd5c76e90689a4936a044093e4f899cbc627f2f69dfe2ae
SHA512652f438e07c12445de9396b7547707ed14f84a7e1ce0001b4ab64b10d058ee15d290c5610ec33ba85833f7912852e82327009f67500e2dd6383f8233e2b13224
-
Filesize
342B
MD5945b53caa50c7e3571019d5db6af06ed
SHA1b9cc7a3d8c53c12cf04f6c50ab8a81acfcaa68e4
SHA2569f025c24946793d1d9845f11c73cf53528fdf0f34ed52b514f807615c10ec491
SHA51233e0742f20661be042552e93aa41dcf8447356b94da0525fbd9681291a5c3fdc79adeec2d71496ae052d795e907c88709211edf8c8508d28b1126be4d35de7c6
-
Filesize
342B
MD5ee0de3c413b293b2ca31610481290d9a
SHA1d7d150f1c7af261dbe7d032a6685539e273ec28e
SHA2561131d5c8cecdfc783a4f06ebca6999dec1aa20203ab723d4338f3e9abe02f01f
SHA51263af961806c9ace10fd016d287fe97d7c6c32d24b8b11271a65f1e096c78ea994db0172a83b4a026f1feab3fc07671ce416d39c0ad08462a60cee6957b6b641c
-
Filesize
342B
MD580f0d610ecac252d9c99e5ca7e4d6bca
SHA1f3678ad9f8573ac7acffe495563643d7988c7ca5
SHA25687b493c6154f9d3c78e5dd7bd121cae8f5bd70be58a51223dc4366d7e1d591ce
SHA51239816515554c4dd59b00f5631de30480c6c646e399a566185a0d7b7185756230eca495ae933e2c4853a48b716b664f33b9eac454784cc46d026826428032ad4f
-
Filesize
4KB
MD591dbb54bda45ca065f3dd1dc90fc144e
SHA16a935bef9c4b36a4a13de33b25a244cc576e7677
SHA2564e320e1b348f67bb9b3e351ba0e87298890af699dde326d35754d3a51eb760b4
SHA5129bd870a5903bcd01588aa3eaf73ee79e6806671c15b3d3f9fb1295f5cede3dc179e12c5ddd58684220318ce5db42b8eef2f57a7070544993dce6b2c55455337a
-
Filesize
5KB
MD52a66459d38e7e54f6fea4d524742c620
SHA1261553d8f1656fe6715531e97fe15b90cac5aaec
SHA2568c8d97ec3c54852c28af021e3cdcfe0f4e714f0195457a02464728b78f30dac2
SHA51234235832f701fa7d4e58779f5455216508e117cb2255a091a163fd630674fddc085da8724b01dde25d954e04402a593f839a01805063fa6decd20c3aaceb0e90
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
177KB
MD55c65d0f7ed0cf850e4e9cc219233d133
SHA1093b25fe1598dbce3c9cb3aaf7da89f9e6fa321c
SHA256c25c2eaf1dd5165bf46a36d9420d7fe718cb866831b91f22f55561fed08c7f4a
SHA5122d404c860e037bc7b7e400ff2369de91599f15780d82364f119b356706aa3140499816c00a2bf99ba443206788ab0da527b16c3057372f803c5c112c2eae5d74
-
Filesize
313KB
MD56d054093cc283626af00d439d0510cd7
SHA1eb17b98ab76edc03dad0743d49e979f5505c784b
SHA256dd54475033c262ecf5c40629664dc95589467234c360d50359084a3c0078b433
SHA51271037a031e12a605a3bcb44bda4c4613f6ffddb03fd0174e4a7366e91c8f64bc9a34e3ca94f85830dd6e4927f4f595ed926b953c67bfbd92f1c7f39121fe4fd6
-
Filesize
313KB
MD59c08a51ac5fa69a0326d8480c51d4b36
SHA1cfdd75eaa9e8736dddeeb54b7e98a3ddba855781
SHA256c478cf010a02330d76339b88d49b9c2f261269147ed4dd813f601a373c4096c2
SHA512f11bbf162826c20c182a14d9a50e1ae02a4df8ba61434f0ca03745c5af835dcc305db42e29367967bc082f44d7c42b7bd5b0114e656dae645dbc48279a35a68c
-
Filesize
340KB
MD59b497542cdfac223d55fa67dc5a01a53
SHA1ccfeae2e689802c12dbb342f4762adf0e2609a95
SHA2562a40c07845c3870d30ccaf90c77b313a9e2171e7f565f297d92bd6caec45929a
SHA5127cf7b27b39254458ef11cdbb9135cbe36fc0a1b1020f497106cfeca80132ceef35e86c150a8e450314c3916e28b839aebce331a0208410dbb2aed4dd3cdd8efc
-
Filesize
67KB
MD57574cf2c64f35161ab1292e2f532aabf
SHA114ba3fa927a06224dfe587014299e834def4644f
SHA256de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA5124db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab
-
Filesize
436KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
192KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
192KB