Overview

overview

10

Static

static

3

59adc93af7...52.dll

windows7-x64

10

59adc93af7...52.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59adc93af79d22255cdabbc1b4ffbbf8bd705cfb793e7e8e5d915132b7921052.dll

  • Size

    1.8MB

  • MD5

    1303a979c92d157c5f7cd12f512d089a

  • SHA1

    c52f67cf875f1c657cb4bee95d0e3d551ed07e03

  • SHA256

    59adc93af79d22255cdabbc1b4ffbbf8bd705cfb793e7e8e5d915132b7921052

  • SHA512

    1a521f99860f6f701026fa1673a7bda0a8a0e7305bd1bdd0f7546e7b22b7f1be046e02354d7a9ac3bf65888f73e3a39a55e0b7340aa7905d0ce829b2a3522489

  • SSDEEP

    49152:w3X2Bw1Eg7WwyEURY5SyZ0z83Wh22Tjz1PcBWV0LCopudrEJdcYgGpuBdYuNF+B/:wWBfg7fyvRY5SyZ0Sg22TjGWV0Gopudg

Score
10/10
floxiframnitbackdoorbankerdiscoverypersistenceprivilege_escalationspywarestealertrojanupxworm

Malware Config

Signatures

  • Floxif family
    floxif
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Detects Floxif payload 1 IoCs
    backdoor
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 8 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\59adc93af79d22255cdabbc1b4ffbbf8bd705cfb793e7e8e5d915132b7921052.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\59adc93af79d22255cdabbc1b4ffbbf8bd705cfb793e7e8e5d915132b7921052.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1276
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2652
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:2896
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2708
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
              5⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:2588
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 260
          3⤵
          • Loads dropped DLL
          • Program crash
          PID:2680

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2b887c66e4282e4618641d3972361b72

      SHA1

      745811a17bb338c8c112beff5adab4a33149f21d

      SHA256

      7462d06941af9eb4bf9bb5f1cc41788a0f3b2e205ba7c62be0a1f225441035c9

      SHA512

      1f0d6134f96aa186ba69873b611202c3cfaa4bf7c640e9c68d44b236b83825a3c13189873f859de48ef8de90aa4e1c5d95b90804450d7efd41f4d107696da882

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bea107ab57b0190199af6f8a1ea2121d

      SHA1

      5d79c9992cebe7dd4e3b5b28727a24cf34249426

      SHA256

      259ddb30f8096192759afd8a39ad7ea36d28340c219b4fd7583f8aaebf9c7c9e

      SHA512

      ccfb2c54d75d7d2910874726a5f5985ce3bb8103def751b56c6aa45998dc41743bd95f59a7083897fc44f98cc5c98883831d299818fa8ff1595b3ce5ea59fad6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7b62efa2b4ae641e30f834cac4624c19

      SHA1

      920ad0ee6bd88d68c365c173b036dfcd543a9910

      SHA256

      0db59c3174ee81c7037b9a00198b24f0e5411367b2c1379dfb79e28cd5bd4b90

      SHA512

      e9c133db104b91ddaf0fcd9eec9069c99cd3ef24de3f6732127eed74f3cc846265fa0c61f9f8890d54c6626d4e4e8b4d4688ed05133fdf3cf0e33f569b4f7b31

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      45e50e6551f4991c3e645ef18c86a468

      SHA1

      95e04a98fa596df002317ed22e91f0b04d8d62e1

      SHA256

      65266626fa391127dadd2a1f82a0f8505331de840a9487a698e4633409787015

      SHA512

      ec767f9380ade153a6afc0c4f86538ea3200d6824f4a4660ab9c74698a48cc7367aeeb42a3d775b12ef80ff03a857297810d02fdb2c7e21c5443ea1c9134d61f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      edb99523c4887fbbd0d7f94c25155aa3

      SHA1

      44d2eb88db88fdeb1a00616d32019570a6ae165d

      SHA256

      9506b9d7c4e6187ce60d51640f492de18d29b42e060177385edab8b44f2b2905

      SHA512

      1b3cef746b0ab4031ac70066ccc2db19e18ff3e6cb3fe3e6f1cf814e412112eee8c2748075f26794dca4a21d4ff568243179cf7f89b81699b3b37537d49ec38f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d8fab295eae14da87c3204e1ff912f6e

      SHA1

      b78dcd04ce8ad43ab0e64e3abf40210fa93157d0

      SHA256

      f4c443e78e29e8c25a861eec425bf7eb2d282b6b5c79da089e8544b13b953fe8

      SHA512

      b04ce60d252dd9896238eadeb53ab78aa1e1f70e562e111ab9e687e4874c65346b98b055da092e3498e3b855a2fc33fdeb8a28d685601d623b28a8eec820952a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3093e9582d46c74bd2902d96bf925c17

      SHA1

      2e3be5f88efa824e257ed8d51f89ffeb4a44f857

      SHA256

      fe440aefa62171617ca32cbed154e6ae76d9c41b5056e98d31dd7f343441711c

      SHA512

      da18a36723bc135ee49ea1f9e0d17a43c9f136f7bc65b9d695688be7373e1aad09f7d0a0678a2afacb220b8f2c13597fb80659e53288735aca2b74690e4114e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2fc6de3aa406fc1be61d5fec2769a314

      SHA1

      02cd7ea54bc5d12957ca6df450eb17386f74c3b4

      SHA256

      60b4fdc8ef5df996d152c49a3e9bdcbb1dc7346587b941ab3c6c470b706cb24b

      SHA512

      45dfb53a066bde8425e3162d454ab8c4f61686f56cc9efa0a2babd98c5176717f1d4b35955e78405e6157f3a0660eec442cf1e132a7b29c3037cb10d9d89ac83

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74cdb2593697ba898654b4f40e1e3594

      SHA1

      1271f742e5014647b2e99305928412e132bf91fa

      SHA256

      29584f7382659d38487b61ad0f8fa049a077e1aa524e3846b1b5895fb7842bf6

      SHA512

      6fb3bb65030beedd6cb26b5dff253ed373bbb2d3b2b0133a77654f4dd8cfe03f3aa6bcee1bf33878f0f61b60f9a6bae210a475dcb1801587049b568c1da5e3ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b778cddb2e6ffc159bfe313e15d23083

      SHA1

      fc998052a4486075aa9fc284bcb76518b3d6e48e

      SHA256

      68c842a2516459457c002de9f78382ebd44bf9b0635c105eb48f66cedba20869

      SHA512

      cc4b020d17b1cb8949bd273f96000d8bc4cdb5a6fb0f64ca832036bd4d0fa4d7bbc226d8ce764499012611ce0efb3589309fa24896e63e1742a090d672c58f63

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2c252b5295700605effb1227d1922c5

      SHA1

      b0fabb20e34182f0fe27a13e9e40bfd650fc9673

      SHA256

      0c53d47239eaed4ce9f00853c7de6c4ad1ff7ceaf1e44238ef28b7558f607cd8

      SHA512

      f94e03742e43f3253541b712c1f5d5456b073e9ea6a5746b45de5b16ceb794214eaef8e8b11a83ec3ec17f3aaf71804e2500a2c209e234598f89ece82accf931

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74b8169eabf32b190b375e04ea43b275

      SHA1

      d877fceb9395b4058e16af54bc70fcb3b47ebb7b

      SHA256

      48e77ab6de628fd0fb7a4a216261e3bbe83574753be3afb53c3c72d77ff8b979

      SHA512

      3e28e73b73594415780b262d3f5e51b1207019d144d5fea3e6bba6d24fc8da4b16bb0c9431af447999eedee0b9b5be19991d5dfc59206067bf7f31b682030126

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae3b70d08591432345eb7a45e0a260d6

      SHA1

      41ca02c62548bb7d3c697a22f9c9a66e111c899e

      SHA256

      f3a54167aa1afc030372d35bc8ccf5e794f349d2ac40d63510e338e4863fde4e

      SHA512

      a688e19cdcbf00abdfacbf8dce5c5e399cd48580deb5793f6a5a8356873eea6307559e02cc46215148954364a2312505d62e88e23bcaaeaa533a7188efb68606

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f3086b64854cbcbd10507606cc2c1de8

      SHA1

      bd47d304148d894062749ebd61d304f2d69d267c

      SHA256

      f6975099c05388e8f0fd715e8e35ba1f0732fb5a070ef8c4ce8b78dd5da52dd1

      SHA512

      80c07693ef8af7ddcbbc64a7eeebd90ff083dcff24805afcb0951f999cf0a3e001f6a18b888be4a46600b5ed1684084af1e9686e3e0002e84617d5ccef158dc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a12a035c8e720209d9a3b897f43d1864

      SHA1

      8df53af20dd72fae8f468157d62a1d8b7463181a

      SHA256

      2bb129f3431647933db4aabe8b16def9663489ce83293811389e21e3d2bd94b5

      SHA512

      c107c8f9afbe592de7bca96a79a2770d6edaf13d3e55b3f2c906795117434890146af93ca0ff82e25316cf6a7f991882c19d5c298bc531b3f596f10a5e933af6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ccd2a47dd843d6d3ebbcb9a476a6372a

      SHA1

      e949782a73e73241f31245649b168fae183cb248

      SHA256

      603d03aa88d34c144e5f6b5b174df2bffe10a2309dc21d5142c784f408ccdbda

      SHA512

      472359849048bdc8f4b09f473013cfcfb7a80c1d0a92554a78f363d602d8274d7e422e82c1b9277aacf857554b8af7d685bfe7074d0f8944c06d3d235e7a51c0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c7ef98cc44c7d0349d87bf50ad230b1

      SHA1

      50c60db91c0246e18e8712b56e982c4f61700051

      SHA256

      43176ad102d106e721830e434eb533a84e12c0c9ef137a927b6490fa3d86b31c

      SHA512

      5590bc642c45fa3f870bc0909d84b5bac1676e5e1174d4ad1f221992535fd28ab1c37e74c0e8b04aa3ebed2f8fa6a4b5ad18c6d4b2ff7f60189f65bdc7ebcec3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      76c443764c8fc894999c5e6f05b9098e

      SHA1

      02180490755d335f32d92868bb736beaf13fb96c

      SHA256

      518f690eb1ae0ae27be25623807fda5d9bd5bd7fc0348cc63399f661f34ea1a9

      SHA512

      cf5f40b266926bc1b99b2e5759defd05ae435200c4db5df85ad1f32a97da369ec941fc6fbed11b08bb7424805ab12dccf92a583034c9d0679e6a25d327447a70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f689500c79b4ab7845967def55eb0e9d

      SHA1

      20a80c44eff710f781b4445236255eca5a5a005a

      SHA256

      eb5d159f70c6f214c067b7c409ea82240efcac525204cec5715922c131e3c9b6

      SHA512

      07d9a4146addeed489056391fe33fff7fe26ff6fb34b5c5e26fa099cbefeb95c031b0662d65a298390c961363d83d5bb6b8613c234097689efbd0edd53fc397b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabFF97.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarFFF7.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Program Files (x86)\Internet Explorer\IEShims.dll.tmp
      Filesize

      313KB

      MD5

      10e7f0460db145d6c4853baee86c056a

      SHA1

      818b8cc93780a99db72542c476c1efc9a0d86c2a

      SHA256

      10be92623fde483b28af48b023cde2fd78a0f25f0b08a331729bb9a31daa6cac

      SHA512

      b8ae8d07d9f9167281b404857a9456062c423dc3a87835b0cd906fd2b87b1037629f952ea7bf4ac1b8f7cebecc985c82c0ca80b6ad467c458d62088d03bb610c

      Download Submit

    • \Program Files (x86)\Internet Explorer\ieproxy.dll.tmp
      Filesize

      340KB

      MD5

      4a26de7dc0a02d1125178ac4ddbe24ab

      SHA1

      1d4b494171c607a1b2e223288119fe8167ca1972

      SHA256

      f7c3e0df4c9781493325b9a86dd05e01ead75cf44875ccb7c250b3d04590d899

      SHA512

      0425ff63bdea399260543c21a2bfbda3f4025f5be76e0402d83370560025811400e6c6503bb1ffd5e924238c00b3f16975c09a2c05c2be1c214ff0dfc8ba6355

      Download Submit

    • \Program Files\Common Files\System\symsrv.dll
      Filesize

      67KB

      MD5

      7574cf2c64f35161ab1292e2f532aabf

      SHA1

      14ba3fa927a06224dfe587014299e834def4644f

      SHA256

      de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

      SHA512

      4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

      Download Submit

    • \Windows\SysWOW64\rundll32mgr.exe
      Filesize

      209KB

      MD5

      59859a109082f7ce78fd48ae3c8b1441

      SHA1

      26aa26e72ac325967937afa567ac3b043ee06464

      SHA256

      1b9874755981b2183c3d2fdd25f4f09d869484dbc6643c4b62cea86e7b9fc39a

      SHA512

      5943a6829eeb75e23bc4f9d878dbd51629c7a9fafae913d9c3037a6b0f328708aae452b2bbc3696d7c89d47690295dceddbdcf77b1623ce7fc629cb4c21841a8

      Download Submit

    • memory/1276-15-0x00000000002B0000-0x0000000000313000-memory.dmp

      Filesize

      396KB

      Download

    • memory/1276-8-0x0000000010000000-0x00000000101D3000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1276-2-0x0000000010000000-0x00000000101D3000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1276-468-0x0000000010000000-0x00000000101D3000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1276-12-0x0000000010000000-0x00000000101D3000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2652-16-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2652-38-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2652-23-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2652-17-0x0000000010000000-0x0000000010030000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2652-21-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2652-20-0x00000000002A0000-0x00000000002A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2652-22-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2652-39-0x0000000010000000-0x0000000010030000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2652-19-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

      Download