latrodectus | adf05622d174be0d74cf9a19fb33b6c3bc0491dd32b71693487d0f1c36f14388

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adf05622d174be0d74cf9a19fb33b6c3bc0491dd32b71693487d0f1c36f14388.dll
Size

1.4MB
MD5

9c1602200e4b5003639415dba13ea5e6
SHA1

f0cd4f3e407b540961b1b94186cb7fae481604a5
SHA256

adf05622d174be0d74cf9a19fb33b6c3bc0491dd32b71693487d0f1c36f14388
SHA512

a94edc5cdacc6dbffa4c6b35d5a7604b571b58c79f3ce9664a729ac4ad9a4d4a41aed714aa0aaeb5c6c0f4ba9d126d9a1cd998bdcae47db80baf6b9a8f708e33
SSDEEP

24576:oHiXmF53kj7zIeoIU1EUVYwQHcTHToXoV0oZuy:oHWmF53kMxQ8THEt

Score

10^/10

latrodectus loader

Malware Config

Extracted

Family

latrodectus

Version

1.4

https://piloferstaf.com/test/

https://ypredoninen.com/test/

Attributes

group
Sigma
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2564	3032	rundll32.exe	31
PID 3032 wrote to memory of 2564	3032	rundll32.exe	31
PID 3032 wrote to memory of 2564	3032	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adf05622d174be0d74cf9a19fb33b6c3bc0491dd32b71693487d0f1c36f14388.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3032 -s 132
  2⤵
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3032-4-0x0000000001DC0000-0x0000000003A70000-memory.dmp

Filesize
28.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads