Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 24, 2022, 9:16 a.m.	May 24, 2022, 9:18 a.m.

Size	718.0KB
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`5a0e570b13623c79c9261a8a2cc41f04`
SHA256	`3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109`
CRC32	`505C2242`
ssdeep	`12288:1IIX/KMsUM4ilTgZ51So74EONNuoMoOc9y21dRDXJy//zJOvcW:1IIXJgrUZfJEEONNuozxZXJWJkc`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE64 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,DQeCfWsaaS
2476
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,DQeCfWsaaS
  2884
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,DllRegisterServer
2564
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,DllRegisterServer
  3036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,BLawoX
2368
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,BLawoX
  2992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,MTxVfU
2744
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,MTxVfU
  2160
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,FLzChEzQ
2652
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,FLzChEzQ
  2268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,MzEcZXbzdF
2832
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,MzEcZXbzdF
  2440
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,SAKGfztl
2972
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,SAKGfztl
  2544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,SwFJJKLNqq
2344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,SwFJJKLNqq
  2732
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,asbbCg
2816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,asbbCg
  2336
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,cwZAbFv
3064
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,cwZAbFv
  2448
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,exkDsP
2488
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,exkDsP
  2916
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,ggQKgzIr
2084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,ggQKgzIr
  2524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,phTqcsNgtrP
2464
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,phTqcsNgtrP
  2276
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,jzbTYAi
2140
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,jzbTYAi
  2836
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,rfWHGX
2812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,rfWHGX
  2360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,tmbGVMHZIy
2944
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,tmbGVMHZIy
  2684
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zDnFFlqDtA
2184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zDnFFlqDtA
  2600
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zNMGUb
3080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zNMGUb
  3332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zQYMUrW
3192
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,zQYMUrW
  3388
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\1.dll,
3284

Name	Response	Post-Analysis Lookup
ilekvoyn.com	A 64.227.182.2	64.227.182.2

IP Address	Status	Action
164.124.101.2	Active	Moloch
64.227.182.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49179 -> 64.227.182.2:80	2032086	ET MALWARE Win32/IcedID Request Cookie	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (19 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0
IsDebuggerPresent May 24, 2022, 9:09 a.m.			0	0