Analysis Overview
SHA256: 69af1d10dd1dacae362ab8fd4e5bcc97ddb363cdeb06a4bf1bc3db4dfc68b1e1
Threat Level: Known bad
The file libcef.dll was found to be: Known bad.
Malicious Activity Summary
Latrodectus family
Latrodectus loader
Blocklisted process makes network request
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2025-05-17 21:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2025-05-17 21:50
Reported: 2025-05-17 22:06
Platform: win10v2004-20250502-en
Max time kernel: 681s
Max time network: 791s
Command Line
Signatures
Latrodectus family
Latrodectus loader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | daringdesigners.com | udp |
| US | 172.67.150.179:443 | daringdesigners.com | tcp |
| US | 8.8.8.8:53 | domtrst455.com | udp |
| US | 104.21.45.217:443 | domtrst455.com | tcp |
| US | 172.67.150.179:443 | daringdesigners.com | tcp |
| US | 104.21.45.217:443 | domtrst455.com | tcp |
Files
memory/4856-0-0x00000173C3E80000-0x00000173C5B32000-memory.dmp
memory/4856-3-0x00000173C3E80000-0x00000173C5B32000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2025-05-17 21:50
Reported: 2025-05-17 22:06
Platform: win11-20250502-en
Max time kernel: 678s
Max time network: 789s
Command Line
Signatures
Latrodectus family
Latrodectus loader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | daringdesigners.com | udp |
| US | 172.67.150.179:443 | daringdesigners.com | tcp |
| US | 172.67.219.126:443 | domtrst455.com | tcp |
| US | 172.67.150.179:443 | daringdesigners.com | tcp |
| US | 172.67.219.126:443 | domtrst455.com | tcp |
Files
memory/2100-2-0x000001D3958D0000-0x000001D397582000-memory.dmp
memory/2100-0-0x000001D3958D0000-0x000001D397582000-memory.dmp