Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 7, 2021, 10:14 a.m.	Nov. 7, 2021, 10:37 a.m.

Size	320.5KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`218d08982a5265df0cbc15074f75ff77`
SHA256	`b6b771c2a6791c43c9eeddaf9970d78a375d3b69661393fe084d930f18059602`
CRC32	`8B9C5A50`
ssdeep	`6144:n5jHbD+vl2r1PHGRWET0FJPsVCQ4ia2PcO6nBRsCWTEKuC45pv:n1Yo1cWfFiPF6nXsHe`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,DllRegisterServer
2840
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,DllRegisterServer
  192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,akokcxvbs
3012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,akokcxvbs
  2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bclfsxv
2052
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bclfsxv
  2136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,abhdnlaifrqnx
2924
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,abhdnlaifrqnx
  2860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bggizexowcgv
1660
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bggizexowcgv
  3068
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,btvuselluuqnq
2244
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,btvuselluuqnq
  2156
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bvhzuerk
2804
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bvhzuerk
  2496
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bulbgpdughwjjs
2500
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,bulbgpdughwjjs
  2940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,clpdzcotbrtje
3004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,clpdzcotbrtje
  2892
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,cnxuegxbwcqnpqull
2292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,cnxuegxbwcqnpqull
  3008
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,erptxjla
2872
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,erptxjla
  2560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,eufyqefzerxo
832
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,eufyqefzerxo
  544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,euthlvhb
1852
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,euthlvhb
  1944
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,exjambbxencnnm
2640
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,exjambbxencnnm
  2100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,eykoaviljn
1908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,eykoaviljn
  3128
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fqgewwahgba
3220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fqgewwahgba
  3412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fuhmbqncbgikcgzz
3508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fuhmbqncbgikcgzz
  3664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fvlttbdomuyixlfic
3752
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,fvlttbdomuyixlfic
  3860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gaicnxcrbnpywykmi
3960
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gaicnxcrbnpywykmi
  4092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gigpfwtuln
3156
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gigpfwtuln
  2208
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gjzcxpmdljxlcvihl
2452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gjzcxpmdljxlcvihl
  3424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gmolsie
3276
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,gmolsie
  1968
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\5662_1636108501_375.dll,grjhmdg
3676

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 events)

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.47337037
FireEye	Trojan.GenericKD.47337037
McAfee	RDN/BazaLoader
CrowdStrike	win/malicious_confidence_60% (W)
BitDefender	Trojan.GenericKD.47337037
Ad-Aware	Trojan.GenericKD.47337037
McAfee-GW-Edition	RDN/BazaLoader
Emsisoft	Trojan.GenericKD.47337037 (B)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware	Trojan.Agent/Gen-Kundo
GData	Trojan.GenericKD.47337037
ALYac	Trojan.GenericKD.47337037
MAX	malware (ai score=87)
Malwarebytes	Trojan.Downloader
MaxSecure	Trojan.Malware.300983.susgen

5662_1636108501_375.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All