Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 10, 2021, 9:37 a.m. | Nov. 10, 2021, 9:40 a.m. |
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllResumeServer
2956-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllResumeServer
2280
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllStartServer
3056-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllStartServer
2384
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllRegisterServer
2860-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllRegisterServer
2488
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllStopServer
788-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllStopServer
2856
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllSuspendServer
2204-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllSuspendServer
2728
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllUnregisterServer
2456-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,DllUnregisterServer
3024
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,a0i
2656-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,a0i
192
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,bn2o
2972-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,bn2o
2296
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,chql
2160-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,chql
2468
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,fmr8t6xyemlhdyszy9ny
2616-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,fmr8t6xyemlhdyszy9ny
2064
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,fvchb0dsyzm4k5pqs50zvvooyd2
2316-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,fvchb0dsyzm4k5pqs50zvvooyd2
2060
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,gf8
544-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,gf8
2684
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,gnvfiwfpoekyfqfb00y8dwl7ao0
548-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,gnvfiwfpoekyfqfb00y8dwl7ao0
1600
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,hpsd2mmdaq09nkotvt31hq3j
3176-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,hpsd2mmdaq09nkotvt31hq3j
3376
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,ia6qhyu36gk6
3452-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,ia6qhyu36gk6
3560
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,iejm
3660-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,iejm
3756
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,it42f4vda6
3928-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,it42f4vda6
4044
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,ma8anqvwb5vu2bk2zmy
4080-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,ma8anqvwb5vu2bk2zmy
3252
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,n6oqp8x4cwd9jb9258a
2308-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,n6oqp8x4cwd9jb9258a
3336
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,nvr4od50szz9548z43ki8q
2360-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,nvr4od50szz9548z43ki8q
2744
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,p3bf
3628-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,p3bf
3916
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,p8b13v1cc61zs1pd
3640-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,p8b13v1cc61zs1pd
3248
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,q0ztrpprlf8
2224-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,q0ztrpprlf8
3412
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,r2vfhdue8qs1t8r4p6tk4lv7m
3456-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,r2vfhdue8qs1t8r4p6tk4lv7m
3752
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,s0qa5
4020-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,s0qa5
276
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,t7ai2
3860-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,t7ai2
2664
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,u5u
1568-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,u5u
3232
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,uneuzmof23nua4d0ba98
3516-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,uneuzmof23nua4d0ba98
1776
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,v1dmo
4012-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,v1dmo
3440
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,vjxdko54e8lp66owkcg20zg0o
4048-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,vjxdko54e8lp66owkcg20zg0o
3848
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,vv1pokfu3gzelhcqro39mddcfrtg
1912-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,vv1pokfu3gzelhcqro39mddcfrtg
1392
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,x0dzgvozyb5eq90v1zjzibmiiyaaj
3920-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,x0dzgvozyb5eq90v1zjzibmiiyaaj
3448
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,xgj66mbqyl798991zmj3upb40
2152-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,xgj66mbqyl798991zmj3upb40
3068
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,yasebtt45cuhjlxza9q5tfo4dp811
3244-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,yasebtt45cuhjlxza9q5tfo4dp811
2008
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,yigqk0uelvgjxf7ot47jfc3oi
1728-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,yigqk0uelvgjxf7ot47jfc3oi
3832
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\zuroq9.dll,
2216
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
description | rundll32.exe tried to sleep 184 seconds, actually delayed analysis time by 184 seconds |
description | A section with a high entropy has been found |
section | name: .rdata, virtual_address: 0x0003e000, virtual_size: 0x0001311c, size_of_data: 0x00013200, entropy: 7.664629826677694 |
entropy | 7.66462982668 |