Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB278050 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,CloseHandle,BCryptGenRandom, |
0_2_00007FFDFB278050 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB278050 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,CloseHandle,BCryptGenRandom, |
3_2_00007FFDFB278050 |
Source: derp.bin.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB276720 CloseHandle,FindFirstFileW,FindClose, |
0_2_00007FFDFB276720 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB297508 FindFirstFileExW, |
0_2_00007FFDFB297508 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB276720 CloseHandle,FindFirstFileW,FindClose, |
3_2_00007FFDFB276720 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB297508 FindFirstFileExW, |
3_2_00007FFDFB297508 |
Source: C:\Windows\System32\rundll32.exe |
Network Connect: 193.32.176.22 8080 |
Jump to behavior |
Source: global traffic |
TCP traffic: 192.168.2.4:49730 -> 193.32.176.22:8080 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 193.32.176.22 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB26F1C0 recv,WSAGetLastError, |
0_2_00007FFDFB26F1C0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB2771E0 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError, |
0_2_00007FFDFB2771E0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB277080 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError, |
0_2_00007FFDFB277080 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB2771E0 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError, |
3_2_00007FFDFB2771E0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB277080 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError, |
3_2_00007FFDFB277080 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB279A90 |
0_2_00007FFDFB279A90 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28EAA0 |
0_2_00007FFDFB28EAA0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB278050 |
0_2_00007FFDFB278050 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28AEB0 |
0_2_00007FFDFB28AEB0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB29DDA8 |
0_2_00007FFDFB29DDA8 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB288D10 |
0_2_00007FFDFB288D10 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB284D00 |
0_2_00007FFDFB284D00 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB266410 |
0_2_00007FFDFB266410 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB26E350 |
0_2_00007FFDFB26E350 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB27E340 |
0_2_00007FFDFB27E340 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28B330 |
0_2_00007FFDFB28B330 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28F080 |
0_2_00007FFDFB28F080 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB281120 |
0_2_00007FFDFB281120 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28C120 |
0_2_00007FFDFB28C120 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB282790 |
0_2_00007FFDFB282790 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB2837F0 |
0_2_00007FFDFB2837F0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB27E840 |
0_2_00007FFDFB27E840 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB28B710 |
0_2_00007FFDFB28B710 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB297508 |
0_2_00007FFDFB297508 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB279A90 |
3_2_00007FFDFB279A90 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28EAA0 |
3_2_00007FFDFB28EAA0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB278050 |
3_2_00007FFDFB278050 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28AEB0 |
3_2_00007FFDFB28AEB0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB29DDA8 |
3_2_00007FFDFB29DDA8 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB288D10 |
3_2_00007FFDFB288D10 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB284D00 |
3_2_00007FFDFB284D00 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB266410 |
3_2_00007FFDFB266410 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB26E350 |
3_2_00007FFDFB26E350 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB27E340 |
3_2_00007FFDFB27E340 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28B330 |
3_2_00007FFDFB28B330 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28F080 |
3_2_00007FFDFB28F080 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB281120 |
3_2_00007FFDFB281120 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28C120 |
3_2_00007FFDFB28C120 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB282790 |
3_2_00007FFDFB282790 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB2837F0 |
3_2_00007FFDFB2837F0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB27E840 |
3_2_00007FFDFB27E840 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB28B710 |
3_2_00007FFDFB28B710 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB297508 |
3_2_00007FFDFB297508 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: String function: 00007FFDFB265B00 appears 46 times |
|
Source: C:\Windows\System32\loaddll64.exe |
Code function: String function: 00007FFDFB28E1D0 appears 69 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFDFB265B00 appears 46 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFDFB28E1D0 appears 69 times |
|
Source: classification engine |
Classification label: mal48.evad.winDLL@14/0@0/1 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB277430 GetModuleHandleW,FormatMessageW,GetLastError, |
0_2_00007FFDFB277430 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7292:120:WilError_03 |
Source: derp.bin.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll64.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
Source: unknown |
Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\derp.bin.dll" |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\derp.bin.dll |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllGetClassObject |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllRegisterServer |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllUnregisterServer |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\derp.bin.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllGetClassObject |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllRegisterServer |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\derp.bin.dll,DllUnregisterServer |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: derp.bin.dll |
Static PE information: Image base 0x180000000 > 0x60000000 |
Source: derp.bin.dll |
Static file information: File size 1728000 > 1048576 |
Source: derp.bin.dll |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x14ae00 |
Source: derp.bin.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: derp.bin.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: derp.bin.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: derp.bin.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: derp.bin.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: derp.bin.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB2823E0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,ReleaseMutex, |
0_2_00007FFDFB2823E0 |
Source: derp.bin.dll |
Static PE information: section name: _RDATA |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\derp.bin.dll |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
API coverage: 5.5 % |
Source: C:\Windows\System32\regsvr32.exe |
API coverage: 5.1 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB276720 CloseHandle,FindFirstFileW,FindClose, |
0_2_00007FFDFB276720 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB297508 FindFirstFileExW, |
0_2_00007FFDFB297508 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB276720 CloseHandle,FindFirstFileW,FindClose, |
3_2_00007FFDFB276720 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB297508 FindFirstFileExW, |
3_2_00007FFDFB297508 |
Source: rundll32.exe, 00000007.00000002.4111414355.000001C671F5F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh~ |
Source: rundll32.exe, 00000004.00000002.4111443209.0000016F59EE8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllYYA |
Source: rundll32.exe, 00000005.00000002.4111539610.0000016BD67C8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3 |
Source: regsvr32.exe, 00000003.00000002.4111420370.0000000000537000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: loaddll64.exe, 00000000.00000002.4111425524.000001C7B1198000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@@ |
Source: rundll32.exe, 00000006.00000002.4111361993.000001D2A4BE8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll__ |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB296ACC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FFDFB296ACC |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB2823E0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,ReleaseMutex, |
0_2_00007FFDFB2823E0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB299058 GetProcessHeap, |
0_2_00007FFDFB299058 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB296ACC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FFDFB296ACC |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB29E32C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FFDFB29E32C |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB291494 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FFDFB291494 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB296ACC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_00007FFDFB296ACC |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB29E32C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
3_2_00007FFDFB29E32C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FFDFB291494 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_00007FFDFB291494 |
Source: C:\Windows\System32\rundll32.exe |
Network Connect: 193.32.176.22 8080 |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\derp.bin.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB29DBF0 cpuid |
0_2_00007FFDFB29DBF0 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB278050 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,CloseHandle,BCryptGenRandom, |
0_2_00007FFDFB278050 |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FFDFB29106C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FFDFB29106C |