Source: 3.3.rundll32.exe.30aa438.0.raw.unpack | Malware Configuration Extractor: Ursnif
{
  "RSA Public Key": "KfAh1HjBYV5+GLf1H4+++WQcflLYE80sojTEX/uvXaLXhDxSfFOCIe7aHw1TYNxXIBvEkznlAveWMvLVTSjkgy/Hqpm47GUbXiPUxbpl0qoDhGQpz45mxRQlc+jgXQ4D03Y0gMF90NeOpBOEi497zfDlURi8Me7OHCSUNpn4Q0kQtrInhQlll9V6IFuYjZJB",
  "c2_domain": ["outlook.com/login", "gmail.com", "dorelunonu.us", "morelunonu.us"],
  "botnet": "8877",
  "server": "12",
  "serpent_key": "30218409ILPAJDUR",
  "sleep_time": "10",
  "SetWaitableTimer_value": "0",
  "DGA_count": "10"
}
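The extracted configuration is only useful once it has been vetted: the c2_domain list mixes two legitimate services (outlook.com/login, gmail.com) with the two actual C2 hosts, and blocking the former would break mail for the whole estate. The script below is an added example, not Joe Sandbox or Ursnif code. It takes the config JSON exactly as printed in the report, separates decoys from actionable hosts using an analyst-supplied allowlist (BENIGN_HOSTS is an assumption, not something the extractor reports), sanity-checks the Serpent key length and that the RSA blob base64-decodes, and emits one Suricata DNS rule per real C2 host (Suricata 5+ dns.query syntax assumed).

```python
"""Vet the Ursnif configuration above and emit detection artefacts.

Added example; not Joe Sandbox's or Ursnif's code. RAW_CONFIG is the JSON
copied verbatim from the report. BENIGN_HOSTS is an analyst assumption:
Ursnif configs pad c2_domain with legitimate sites, which must be excluded
before anything is blocked.
"""
import base64
import json
from urllib.parse import urlsplit

RAW_CONFIG = r'''{"RSA Public Key": "KfAh1HjBYV5+GLf1H4+++WQcflLYE80sojTEX/uvXaLXhDxSfFOCIe7aHw1TYNxXIBvEkznlAveWMvLVTSjkgy/Hqpm47GUbXiPUxbpl0qoDhGQpz45mxRQlc+jgXQ4D03Y0gMF90NeOpBOEi497zfDlURi8Me7OHCSUNpn4Q0kQtrInhQlll9V6IFuYjZJB", "c2_domain": ["outlook.com/login", "gmail.com", "dorelunonu.us", "morelunonu.us"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}'''

# Assumption (analyst-maintained): well-known services that are not attacker infrastructure.
BENIGN_HOSTS = {"outlook.com", "gmail.com", "live.com", "google.com", "microsoft.com"}


def parse_config(raw: str) -> dict:
    """Parse the extractor output; the extractor stores every number as a string."""
    cfg = json.loads(raw)
    for key in ("botnet", "server", "sleep_time", "SetWaitableTimer_value", "DGA_count"):
        cfg[key] = int(cfg[key])
    return cfg


def host_of(entry: str) -> str:
    """Reduce a c2_domain entry such as 'outlook.com/login' to its bare host name."""
    if "://" not in entry:
        entry = "//" + entry  # urlsplit needs a scheme-less netloc marker
    return urlsplit(entry).hostname.lower()


def split_c2(cfg: dict, benign=BENIGN_HOSTS):
    """Return (actionable, decoy) host lists; a host is a decoy if it or any
    parent domain is in the allowlist."""
    actionable, decoy = [], []
    for entry in cfg["c2_domain"]:
        host = host_of(entry)
        parts = host.split(".")
        is_benign = any(".".join(parts[i:]) in benign for i in range(len(parts)))
        (decoy if is_benign else actionable).append(host)
    return actionable, decoy


def key_material(cfg: dict) -> dict:
    """Serpent accepts 16/24/32-byte keys; the RSA field must be valid base64.
    Padding is re-added defensively because extractors often strip it."""
    serpent = cfg["serpent_key"].encode()
    b64 = cfg["RSA Public Key"]
    rsa_blob = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    return {
        "serpent_key_len": len(serpent),
        "serpent_key_ok": len(serpent) in (16, 24, 32),
        "rsa_blob_len": len(rsa_blob),
    }


def suricata_rules(hosts, base_sid=9000001):
    """One DNS-query alert per actionable host (sid range is an assumption)."""
    rules = []
    for i, host in enumerate(sorted(hosts)):
        rules.append(
            f'alert dns any any -> any any (msg:"Ursnif C2 DNS query {host}"; '
            f'dns.query; content:"{host}"; nocase; endswith; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    real, decoys = split_c2(cfg)
    print("botnet", cfg["botnet"], "server", cfg["server"], "dga_count", cfg["DGA_count"])
    print("decoys (do not block):", decoys)
    print(key_material(cfg))
    print("\n".join(suricata_rules(real)))
```

The DGA_count of 10 means the domain list is not the whole story: the sample can also derive further domains algorithmically, so the static rules above cover only the hard-coded hosts and should be paired with generic DGA detection on DNS telemetry.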
Source: | Binary string: c:\364\Head\Fresh-Room\score_Several\turn.pdb source: loaddll32.exe, 00000000.00000002.474262084.000000006E12B000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.473027283.000000006E12B000.00000002.00020000.sdmp, 8OKQ6ogGRx.dll |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB896F RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree, |
Source: Yara match | File source: 00000000.00000002.470954657.0000000003618000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 2168, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue |
Source: C:\Windows\System32\loaddll32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C101B NtMapViewOfSection, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C145E NtCreateSection,memset, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C23A5 NtQueryVirtualMemory, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB1724 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BBB301 NtQueryVirtualMemory, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C2184 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB62D8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BBB0DC |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB8045 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10AF51 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E106700 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E129DAE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E123A47 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E127AB1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E114B3B |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E12035D |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1228C3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10C100 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E10AF51 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E106700 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E129DAE |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E123A47 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E127AB1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E114B3B |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E12035D |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E1228C3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E10C100 |
Source: C:\Windows\System32\loaddll32.exe | Code function: String function: 6E10B2D0 appears 32 times |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6E10B2D0 appears 32 times |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB24C7 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle, |
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\8OKQ6ogGRx.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\8OKQ6ogGRx.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\8OKQ6ogGRx.dll,Enterbeen |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\8OKQ6ogGRx.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\8OKQ6ogGRx.dll,Multiply |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5212 CREDAT:17410 /prefetch:2 |
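The process tree above shows the sample's exports (Enterbeen, Multiply, and ordinal #1) being invoked through rundll32.exe from a DLL on the user's Desktop. loaddll32.exe is the sandbox's own DLL loader, so a production detection should not key on the parent; the command line itself carries the signal. The script below is an added example, not the sandbox's logic: EVENTS is a constructed, Sysmon-Event-ID-1-like list that reproduces the three rundll32 command lines from the report plus one benign control, and the triage flags a DLL loaded from a user-writable path or called by ordinal. The USER_WRITABLE pattern and the benign control record are assumptions.

```python
"""Triage rundll32 command lines like the ones in the process tree above.

Added example; not Joe Sandbox or Sysmon code. EVENTS is constructed from
the report's command lines plus a made-up benign control; field names
mirror Sysmon Event ID 1 but the records are assembled here by hand.
"""
import re

EVENTS = [
    {"ParentImage": r"C:\Windows\System32\loaddll32.exe",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\Desktop\8OKQ6ogGRx.dll,Enterbeen"},
    {"ParentImage": r"C:\Windows\SysWOW64\cmd.exe",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe 'C:\Users\user\Desktop\8OKQ6ogGRx.dll',#1"},
    {"ParentImage": r"C:\Windows\System32\loaddll32.exe",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\Desktop\8OKQ6ogGRx.dll,Multiply"},
    # Constructed benign control: the Control Panel launcher path.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# rundll32[.exe] <optionally quoted dll path>,<export or #ordinal>
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+['\"]?([^'\",]+?)['\"]?\s*,\s*(\S+)", re.I)

# Assumption: locations an unprivileged user can write to. Extend per environment.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\)", re.I)


def parse_rundll32(cmdline: str):
    """Return (dll_path, export) or None when the line is not a rundll32 invocation."""
    m = RUNDLL.search(cmdline)
    if not m:
        return None
    return m.group(1).strip(), m.group(2).strip("'\"")


def assess(event: dict):
    """Score one process-creation record; None if it is not rundll32."""
    parsed = parse_rundll32(event["CommandLine"])
    if parsed is None:
        return None
    dll, export = parsed
    reasons = []
    if USER_WRITABLE.match(dll):
        reasons.append("dll_in_user_writable_path")
    if export.startswith("#"):
        reasons.append("export_by_ordinal")  # '#1' hides the export name from the command line
    if not dll.lower().endswith(".dll"):
        reasons.append("non_dll_extension")
    return {"dll": dll, "export": export, "reasons": reasons, "suspicious": bool(reasons)}


def triage(events):
    """Return only the suspicious rundll32 records."""
    return [r for r in (assess(e) for e in events) if r and r["suspicious"]]


if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(hit["export"], hit["dll"], ",".join(hit["reasons"]))
```

The ordinal form (#1) is worth its own reason code: it is how loaddll32.exe and many droppers call DllMain-adjacent exports without naming them, and it rarely appears in legitimate interactive use.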
Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: 8OKQ6ogGRx.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: 8OKQ6ogGRx.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: 8OKQ6ogGRx.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: 8OKQ6ogGRx.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: 8OKQ6ogGRx.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: 8OKQ6ogGRx.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C160D LoadLibraryA,GetProcAddress, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C2120 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C2173 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BBB0CB push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BBAD10 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10B315 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E14221D push eax; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E142BB6 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E0D420E push es; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E0D423B push ebx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E10B315 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E0D43C5 push ebp; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E0D5842 push esp; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E14221D push eax; retf |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E142BB6 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed |
Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10C6CB _memset,IsDebuggerPresent, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E112CFE ___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E141302 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E140E3F push dword ptr fs:[00000030h] |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E141238 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E141302 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E140E3F push dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E141238 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10B830 GetProcessHeap, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E111090 SetUnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E1110C1 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E111090 SetUnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E1110C1 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: loaddll32.exe, 00000000.00000002.470347990.0000000001620000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472110783.0000000003640000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000000.00000002.470347990.0000000001620000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472110783.0000000003640000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.470347990.0000000001620000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472110783.0000000003640000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.470347990.0000000001620000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472110783.0000000003640000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Windows\System32\loaddll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C195D GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00BB7EC1 RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E10CFA3 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E0C1800 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError, |