Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 12, 2025, 2:32 p.m.	Jan. 12, 2025, 3:06 p.m.

Size	1.9MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`da2ab0623e5fd0a9ee8c26b935ab1297`
SHA256	`c8623ea4107e6094065ce47235fd8e9a2be31a49b070e2f79a969d79043304f1`
CRC32	`740514B4`
ssdeep	`24576:ybwqrQp5pPlJaVFZJp5BuSuAZOmJWWgDuY6v9ohj4UfrB5xOrvXJJrAM5r51MC:yVrQ3pSVBp558DzsD+rxa/JJrAMe`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,DllRegisterServer
1720
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,DllRegisterServer
  2236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,DllUnregisterServer
2056
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,DllUnregisterServer
  2272
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,GEcGdimckJN
2168
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,GEcGdimckJN
  2376
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,IUBXEXQIinbFRiFL
2360
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,IUBXEXQIinbFRiFL
  2616
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,LWnAvcuedaaNnq
2500
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,LWnAvcuedaaNnq
  2664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,RcqYmIgyrxYHuyZcm
2588
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,RcqYmIgyrxYHuyZcm
  2920
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,SojHROrTWJMGlUH
2776
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,SojHROrTWJMGlUH
  3044
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,TVAuGzPwbBq
2876
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,TVAuGzPwbBq
  3024
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,bHvDkWgAHBapXqx
3012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,bHvDkWgAHBapXqx
  2400
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,csDBVqBlqNjQwsdffmec
2220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,csDBVqBlqNjQwsdffmec
  2528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,mRjFengeNucVTb
2480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,mRjFengeNucVTb
  2756
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,uEXPAxMVRhAPGCHNLrYQ
2228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,uEXPAxMVRhAPGCHNLrYQ
  2504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,uLMvUgPtIrl
2852
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,uLMvUgPtIrl
  2340
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,vmxMHLgRreJjcU
2364
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,vmxMHLgRreJjcU
  2648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,yMhVkVhmYFO
2436
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,yMhVkVhmYFO
  2704
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ActivePod.ocx.dll,
2688

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (15 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0

Performs some HTTP requests (1 event)

request

GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Cynet	Malicious (score: 100)
BitDefender	Trojan.GenericKD.75333585
MicroWorld-eScan	Trojan.GenericKD.75333585
Emsisoft	Trojan.GenericKD.75333585 (B)
FireEye	Trojan.GenericKD.75333585
GData	Trojan.GenericKD.75333585
MaxSecure	Trojan.Malware.300983.susgen

ActivePod.ocx

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All