Summary | ZeroBOX

swift-obfuscation-side-loading.dll

Generic Malware PE64 PE File DLL
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 18, 2024, 10:07 a.m.
Completed: Oct. 18, 2024, 10:18 a.m.
Size 100.0KB
Type PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 60fea8c8e9693047f41675e3445579e8
SHA256 c0f272047eec9b7ad1e3456ac0ae020c2522022d69ef6576a99000b967d7f5cf
CRC32 A0BC174A
ssdeep 1536:P0z8vJjAlgNzd5CLdNiWkbXf3lkb2QBHXMyJeb54uZ:o4KGNz4sWkb9gMyJcyuZ
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DllMain+0x5393 Start-0x504d swift-obfuscation-side-loading+0xe913 @ 0x7fef496e913
0x7fe00000030 (this frame repeated 63 times)

exception.instruction_r: 48 83 b8 c2 08 00 00 00 75 10 65 48 8b 14 25 30
exception.instruction: cmp qword ptr [rax + 0x8c2], 0
exception.exception_code: 0xc0000005
exception.symbol: DllMain+0x5393 Start-0x504d swift-obfuscation-side-loading+0xe913
exception.address: 0x7fef496e913
registers.r14: 1
registers.r15: 0
registers.rcx: 2916294128
registers.rsi: 2916294128
registers.r10: 0
registers.rbx: 1037392
registers.rsp: 2486488
registers.r11: 0
registers.r8: 0
registers.r9: 856816
registers.rdx: 0
registers.r12: 8791606596992
registers.rbp: 2488168
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status: 1  Return: 0  Repeated: 0

__exception__

stacktrace:
DllMain+0x5393 Start-0x504d swift-obfuscation-side-loading+0xe913 @ 0x7fef496e913
0x7fe00000030 (this frame repeated 63 times)

exception.instruction_r: 48 83 b8 c2 08 00 00 00 75 10 65 48 8b 14 25 30
exception.instruction: cmp qword ptr [rax + 0x8c2], 0
exception.exception_code: 0xc0000005
exception.symbol: DllMain+0x5393 Start-0x504d swift-obfuscation-side-loading+0xe913
exception.address: 0x7fef496e913
registers.r14: 1
registers.r15: 0
registers.rcx: 2916294128
registers.rsi: 2916294128
registers.r10: 0
registers.rbx: 1692784
registers.rsp: 1503576
registers.r11: 0
registers.r8: 0
registers.r9: 1512176
registers.rdx: 0
registers.r12: 8791606596992
registers.rbp: 1505256
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status: 1  Return: 0  Repeated: 0

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Havoc.m!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Havocp.S33863897
Skyhigh Agent-FYC!60FEA8C8E969
ALYac Generic.Trojan.Havokiz.Marte.D.3988198C
Cylance Unsafe
VIPRE Generic.Trojan.Havokiz.Marte.D.3988198C
Sangfor Backdoor.Win64.Havoc.Vzap
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Generic.Trojan.Havokiz.Marte.D.3988198C
Arcabit Generic.Trojan.Havokiz.Marte.D.D3CDAE6C
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of Win64/Havoc.M
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.Havoc-10019366-0
Kaspersky HEUR:Backdoor.Win64.Havoc.pef
MicroWorld-eScan Generic.Trojan.Havokiz.Marte.D.3988198C
Emsisoft Generic.Trojan.Havokiz.Marte.D.3988198C (B)
F-Secure Heuristic.HEUR/AGEN.1376803
DrWeb Trojan.Siggen29.14420
TrendMicro TROJ_GEN.R002C0DJH24
McAfeeD ti!C0F272047EEC
CTX dll.trojan.havoc
Sophos ATK/Havoc-G
SentinelOne Static AI - Malicious PE
FireEye Generic.Trojan.Havokiz.Marte.D.3988198C
Google Detected
Avira HEUR/AGEN.1376803
Kingsoft Win64.Backdoor.Havoc.pef
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Trojan:Win64/Havoc.AA!MTB
ZoneAlarm HEUR:Backdoor.Win64.Havoc.pef
GData Generic.Trojan.Havokiz.Marte.D.3988198C
Varist W64/ABTrojan.CVFU-3370
McAfee Agent-FYC!60FEA8C8E969
DeepInstinct MALICIOUS
Malwarebytes Trojan.Havoc
Ikarus Trojan.Win64.Havoc
Panda Trj/CI.A
Tencent Trojan.Win64.Havoc.16001250
huorong Backdoor/Meterpreter.ey
Fortinet PossibleThreat.PALLAS.H
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Backdoor:Win/Meterpreter.ey