Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 10, 2023, 6:37 p.m.	Oct. 10, 2023, 6:45 p.m.

Size	62.5KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`420a13202d271babc32bf8259cdaddf3`
SHA256	`00433ebf3b21c1c055d4ab8a599d3e84f03b328496236b54e56042cef2146b1c`
CRC32	`E3DFDB09`
ssdeep	`768:weQtV+Nia8Ol7zBOwpa5WWkZDDgAYtTKU/cY9Qvw2xHckDJXrsmgFM1xzHMyrPm:ZQt4Nl8uBOwyW/q9TKgQvw2Zhr2Avr`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\usrgroup.dat.dll,LoadDll
3060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\usrgroup.dat.dll,LoadDll
  2376
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\usrgroup.dat.dll,
196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\usrgroup.dat.dll,LoadDllW
2188
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\usrgroup.dat.dll,LoadDllW
  2480

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 10, 2023, 6:37 p.m.			0	0
IsDebuggerPresent Oct. 10, 2023, 6:37 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 10, 2023, 6:37 p.m.	process_identifier: 2376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory Oct. 10, 2023, 6:37 p.m.	process_identifier: 2480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1	0	0

usrgroup.dat.dll