Field | Value |
---|---|
Created | 2023.12.11 19:21 |
Machine | s1_win7_x6403 |
Filename | DLL%20Injector%20Resou%E2%80%AEnls..scr |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (AIDetectMalware, malicious, high confidence, GenericKD, VirRansom, Vojf, Attribute, HighConfidence, score, BankerX, R002C0DLB23, GenKD, Sabsik, AsyncRat, Malware@#11oix1jgwmc99, Detected, R612138, Artemis, ai score=85, unsafe, Chgt, Convagent, hFui1khqHgV, susgen, PossibleThreat, confidence, 100%) |
md5 | b6d15bc82d811c30d7e9633402bee9c2 |
sha256 | 8177a82bb9f46bb3a6b01b59eb6fbfc1bfebd9ba5147a5685ee49d6a9aa22002 |
ssdeep | 12288:o3ubKEsUNigEpgsI02qw67AjvhExMv3AO25aBcTA:aubKDgEpywweIAMohA |
imphash | e27e863878b286ab3210255a9ebcda55 |
impfuzzy | 12:omRgNuD1FwBbmIYay4iWdABZG/DzQLxv62YHn:Fou5FwBbAb7UC+DsLxyzHn |
Network IP location
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | Collects information to fingerprint the system (MachineGuid |
info | One or more processes crashed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (4cnts)
Suricata ids
ET INFO Pastebin-style Service (textbin .net in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) by library
advapi32.dll
0x140159118 RegCloseKey
api-ms-win-crt-heap-l1-1-0.dll
0x140159128 free
api-ms-win-crt-locale-l1-1-0.dll
0x140159138 _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll
0x140159148 __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll
0x140159158 exit
api-ms-win-crt-stdio-l1-1-0.dll
0x140159168 _set_fmode
crypt.dll
0x140159178 BCryptGenRandom
crypt32.dll
0x140159188 CertOpenStore
KERNEL32.DLL
0x140159198 LoadLibraryA
0x1401591a0 ExitProcess
0x1401591a8 GetProcAddress
0x1401591b0 VirtualProtect
ntdll.dll
0x1401591c0 NtWriteFile
secur32.dll
0x1401591d0 EncryptMessage
VCRUNTIME140.dll
0x1401591e0 memcpy
ws2_32.dll
0x1401591f0 send
EAT (Export Address Table): none