Windows Analysis Report
e.dll

Overview

General Information

Sample name: e.dll
Analysis ID: 1519390
MD5: 972d3e17b96745be89b80ec5d8f4f9d3
SHA1: e97c6461bbdcd91566f4cb75b456e399b7fe06c2
SHA256: b116511e3960ab5fa53ad6a3243240be11235ebdc323705827713cf12a9aeeda
Infos:

Detection

Dridex Dropper
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Dridex dropper found
System process connects to network (likely due to code injection or exploit)
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Abnormal high CPU Usage
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: e.dll Avira: detected
Antivirus detection for URL or domain
Source: https://w0t.lol/u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_c Avira URL Cloud: Label: malware
Source: https://w0t.lol/ Avira URL Cloud: Label: malware
Source: https://w0t.lol/u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_cFx1mTVmw7UgAUUyYrKRm3RdsqVNvpv6_kKFgqugw7GxorO8WhL4PsC4qoVKtjEe0DOKO8ZDw1Tjmp1kilcdzr5ins6cIF1bcVHlXvd0LhB36FiVt_ML5BynNwrbTMXHBlrYMYDHKv7fr-4V207YlIg6tWfJiMRdzu_qeSooE4jIQIx6aML1s49f-Ri0B1CS37y5JuxrX5yqAG8oDK4QDEBXT7TWGpGoNsuTFyKiEDbJQD0BBibjsRhVHiSSidzARVzTSro8qK1SpnxWQFVotTjKG7CepcMDibvLwH_Jr5CkuCYLKtK52-cvQybIZ4Fhw0wjCJODhJJbW1bSQqThISFsFSjkb8WhpxT9Aqfic0XA Avira URL Cloud: Label: malware
Machine Learning detection for sample
Source: e.dll Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 GetTickCount,SHGetValueA,SHSetValueA,UuidCreateSequential,sprintf,RtlComputeCrc32,GlobalAlloc,sprintf,RtlComputeCrc32,sprintf,RtlComputeCrc32,sprintf,GetModuleFileNameA,sprintf,GetCommandLineA,sprintf,memset,CryptBinaryToStringA,sprintf,memset,EnumDisplaySettingsA,sprintf,memcpy,memcpy,memset,GlobalFree,CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptEncrypt,CryptBinaryToStringA,memset,GlobalFree,URLDownloadToCacheFileA,lstrlen,memset,GlobalFree,_lopen,_hread,_lclose,WinExec,GlobalFree, 3_2_27AC1120
Uses 32bit PE files
Source: e.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: unknown HTTPS traffic detected: 104.21.69.9:443 -> 192.168.11.20:49757 version: TLS 1.2
Source: Binary string: a:\s7i.pdbL source: e.dll
Source: Binary string: a:\s7i.pdb source: loaddll32.exe, 00000000.00000002.27456647904.0000000000C5F000.00000002.00000001.01000000.00000003.sdmp, e.dll
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622A81 FindFirstFileW, 3_3_06622A81

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 104.21.69.9 443 Jump to behavior
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_cFx1mTVmw7UgAUUyYrKRm3RdsqVNvpv6_kKFgqugw7GxorO8WhL4PsC4qoVKtjEe0DOKO8ZDw1Tjmp1kilcdzr5ins6cIF1bcVHlXvd0LhB36FiVt_ML5BynNwrbTMXHBlrYMYDHKv7fr-4V207YlIg6tWfJiMRdzu_qeSooE4jIQIx6aML1s49f-Ri0B1CS37y5JuxrX5yqAG8oDK4QDEBXT7TWGpGoNsuTFyKiEDbJQD0BBibjsRhVHiSSidzARVzTSro8qK1SpnxWQFVotTjKG7CepcMDibvLwH_Jr5CkuCYLKtK52-cvQybIZ4Fhw0wjCJODhJJbW1bSQqThISFsFSjkb8WhpxT9Aqfic0XA HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: w0t.lolConnection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 GetTickCount,SHGetValueA,SHSetValueA,UuidCreateSequential,sprintf,RtlComputeCrc32,GlobalAlloc,sprintf,RtlComputeCrc32,sprintf,RtlComputeCrc32,sprintf,GetModuleFileNameA,sprintf,GetCommandLineA,sprintf,memset,CryptBinaryToStringA,sprintf,memset,EnumDisplaySettingsA,sprintf,memcpy,memcpy,memset,GlobalFree,CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptEncrypt,CryptBinaryToStringA,memset,GlobalFree,URLDownloadToCacheFileA,lstrlen,memset,GlobalFree,_lopen,_hread,_lclose,WinExec,GlobalFree, 3_2_27AC1120
Source: global traffic HTTP traffic detected: GET /u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_cFx1mTVmw7UgAUUyYrKRm3RdsqVNvpv6_kKFgqugw7GxorO8WhL4PsC4qoVKtjEe0DOKO8ZDw1Tjmp1kilcdzr5ins6cIF1bcVHlXvd0LhB36FiVt_ML5BynNwrbTMXHBlrYMYDHKv7fr-4V207YlIg6tWfJiMRdzu_qeSooE4jIQIx6aML1s49f-Ri0B1CS37y5JuxrX5yqAG8oDK4QDEBXT7TWGpGoNsuTFyKiEDbJQD0BBibjsRhVHiSSidzARVzTSro8qK1SpnxWQFVotTjKG7CepcMDibvLwH_Jr5CkuCYLKtK52-cvQybIZ4Fhw0wjCJODhJJbW1bSQqThISFsFSjkb8WhpxT9Aqfic0XA HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: w0t.lolConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: w0t.lol
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 26 Sep 2024 11:12:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateCF-Cache-Status: DYNAMICSpeculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8c92d1d5482d3af0-IAD
Source: rundll32.exe, 00000003.00000003.22959506464.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960391062.00000000031A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rundll32.exe, 00000003.00000003.22959506464.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960391062.00000000031A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: rundll32.exe, 00000003.00000003.22959506464.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960391062.00000000031A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: rundll32.exe, 00000003.00000002.22960045348.000000000317F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: rundll32.exe, 00000003.00000003.22959506464.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960391062.00000000031A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: rundll32.exe, 00000003.00000002.22960045348.000000000317F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/
Source: rundll32.exe, 00000003.00000002.22960045348.0000000003121000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_c
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown HTTPS traffic detected: 104.21.69.9:443 -> 192.168.11.20:49757 version: TLS 1.2

E-Banking Fraud
barindex
Dridex dropper found
Source: Initial file Signature Results: Dridex dropper behavior
Abnormal high CPU Usage
Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 6%
Contains functionality to call native functions
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660D969 NtQuerySystemInformation, 3_3_0660D969
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06606790 NtQueryDirectoryObject, 3_3_06606790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E52084 NtCreateThreadEx, 3_2_04E52084
Contains functionality to communicate with device drivers
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FD53D: DeviceIoControl, 3_3_065FD53D
Detected potential crypto function
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_04FDE58D 3_3_04FDE58D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D112C 3_3_064D112C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D18AC 3_3_064D18AC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D5AE0 3_3_064D5AE0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D49DC 3_3_064D49DC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D2F7C 3_3_064D2F7C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D371C 3_3_064D371C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_064D3334 3_3_064D3334
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660CB60 3_3_0660CB60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622360 3_3_06622360
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06624C60 3_3_06624C60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660D969 3_3_0660D969
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06601370 3_3_06601370
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660DB70 3_3_0660DB70
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06627F59 3_3_06627F59
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06602220 3_3_06602220
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06602625 3_3_06602625
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660BB30 3_3_0660BB30
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660CD00 3_3_0660CD00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06623C00 3_3_06623C00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FD53D 3_3_065FD53D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06610206 3_3_06610206
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06624F10 3_3_06624F10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660E3E0 3_3_0660E3E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660C5E0 3_3_0660C5E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06600EE0 3_3_06600EE0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D2BD6 3_3_065D2BD6
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066089F0 3_3_066089F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066252F2 3_3_066252F2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066112F0 3_3_066112F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660F1F3 3_3_0660F1F3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660CFC0 3_3_0660CFC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660A5D6 3_3_0660A5D6
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660C3A0 3_3_0660C3A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06608DA0 3_3_06608DA0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D1290 3_3_065D1290
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FD090 3_3_065FD090
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06606CBB 3_3_06606CBB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FD780 3_3_065FD780
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622A81 3_3_06622A81
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06606790 3_3_06606790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06602790 3_3_06602790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622C90 3_3_06622C90
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660A160 3_3_0660A160
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06610C60 3_3_06610C60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3358 3_3_065D3358
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3055 3_3_065D3055
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FE450 3_3_065FE450
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FE850 3_3_065FE850
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660DE70 3_3_0660DE70
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D2E4E 3_3_065D2E4E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06608640 3_3_06608640
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660FB40 3_3_0660FB40
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622640 3_3_06622640
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D327A 3_3_065D327A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06625F50 3_3_06625F50
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3665 3_3_065D3665
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065E6014 3_3_065E6014
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3611 3_3_065D3611
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660C130 3_3_0660C130
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660FE30 3_3_0660FE30
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06627830 3_3_06627830
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3106 3_3_065D3106
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D1000 3_3_065D1000
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06610400 3_3_06610400
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06608510 3_3_06608510
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06602D10 3_3_06602D10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06611110 3_3_06611110
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3028 3_3_065D3028
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D3322 3_3_065D3322
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D36DC 3_3_065D36DC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066221E0 3_3_066221E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D33D5 3_3_065D33D5
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065FCDD0 3_3_065FCDD0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066255F0 3_3_066255F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D32CE 3_3_065D32CE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D30CB 3_3_065D30CB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D2DC0 3_3_065D2DC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660D4C0 3_3_0660D4C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06611DC0 3_3_06611DC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D2DFE 3_3_065D2DFE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0660A7D0 3_3_0660A7D0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066109D0 3_3_066109D0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D308E 3_3_065D308E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D408E 3_3_065D408E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D5489 3_3_065D5489
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D338A 3_3_065D338A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_065D35BB 3_3_065D35BB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06625990 3_3_06625990
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D31680 3_2_04D31680
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D322A8 3_2_04D322A8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D31EAF 3_2_04D31EAF
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D34458 3_2_04D34458
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D345E8 3_2_04D345E8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D34094 3_2_04D34094
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D31698 3_2_04D31698
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04D3252C 3_2_04D3252C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E571D2 3_2_04E571D2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E522A0 3_2_04E522A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E52084 3_2_04E52084
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E51460 3_2_04E51460
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E5A660 3_2_04E5A660
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E5A900 3_2_04E5A900
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E51240 3_2_04E51240
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04E57410 3_2_04E57410
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 3_2_27AC1120
PE file contains more sections than normal
Source: e.dll Static PE information: Number of sections : 13 > 10
Uses 32bit PE files
Source: e.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: e.dll Static PE information: Section: z4g ZLIB complexity 0.9946666190294715
Source: e.dll Static PE information: Section: qm ZLIB complexity 0.9991314643252213
Source: e.dll Static PE information: Section: L ZLIB complexity 0.9966262291217672
Source: classification engine Classification label: mal80.bank.evad.winDLL@6/0@1/1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:304:WilStaging_02
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\e.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security Jump to behavior
Source: e.dll Static file information: File size 2228224 > 1048576
Source: e.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: a:\s7i.pdbL source: e.dll
Source: Binary string: a:\s7i.pdb source: loaddll32.exe, 00000000.00000002.27456647904.0000000000C5F000.00000002.00000001.01000000.00000003.sdmp, e.dll
PE file contains sections with non-standard names
Source: e.dll Static PE information: section name: .crt1
Source: e.dll Static PE information: section name: z4g
Source: e.dll Static PE information: section name: qm
Source: e.dll Static PE information: section name: L
Source: e.dll Static PE information: section name: CONST
Source: e.dll Static PE information: section name: 3
Source: e.dll Static PE information: section name: buicKDZl
Source: e.dll Static PE information: section name: CRT
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00E5D1F4 push edi; ret 0_2_00E5D1F5
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00E599DB pushfd ; iretd 0_2_00E599DC
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00E5996B pushfd ; ret 0_2_00E5997B
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_04FDD5C8 push ebp; retf 3_3_04FDD5C9
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_066225F0 push esi; mov dword ptr [esp], ecx 3_3_066225F4
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Found decision node followed by non-executed suspicious APIs
Source: C:\Windows\SysWOW64\rundll32.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06622A81 FindFirstFileW, 3_3_06622A81
Source: rundll32.exe, 00000003.00000002.22960045348.0000000003190000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960045348.0000000003152000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.22960045348.0000000003121000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_03000005 VirtualAlloc,LoadLibraryA,LdrGetProcedureAddress,VirtualProtect, 3_2_03000005
Contains functionality to read the PEB
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00C5C340 mov eax, dword ptr fs:[00000030h] 0_2_00C5C340
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_03000391 mov eax, dword ptr fs:[00000030h] 3_2_03000391
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 mov ebx, dword ptr fs:[00000030h] 3_2_27AC1120

HIPS / PFW / Operating System Protection Evasion
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 104.21.69.9 443 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00C51090 cpuid 0_2_00C51090
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1519390 Sample: e.dll Startdate: 26/09/2024 Architecture: WINDOWS Score: 80 19 w0t.lol 2->19 25 Antivirus detection for URL or domain 2->25 27 Antivirus / Scanner detection for submitted sample 2->27 29 Dridex dropper found 2->29 31 Machine Learning detection for sample 2->31 8 loaddll32.exe 1 2->8         started        signatures3 process4 signatures5 33 Tries to detect sandboxes / dynamic malware analysis system (file name check) 8->33 11 cmd.exe 1 8->11         started        13 conhost.exe 8->13         started        process6 process7 15 rundll32.exe 1 12 11->15         started        dnsIp8 21 w0t.lol 104.21.69.9, 443, 49757 CLOUDFLARENETUS United States 15->21 23 System process connects to network (likely due to code injection or exploit) 15->23 signatures9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.69.9
 w0t.lol United States
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
w0t.lol 104.21.69.9 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://w0t.lol/u1AnNcgaAe2bF5Pgk9d0LeWL8vpSDZkJZinYdkhr9pqBGLRnRX5Vvq3izq9ug8qLY6yKal3j6Ee_t1iMTK_cFx1mTVmw7UgAUUyYrKRm3RdsqVNvpv6_kKFgqugw7GxorO8WhL4PsC4qoVKtjEe0DOKO8ZDw1Tjmp1kilcdzr5ins6cIF1bcVHlXvd0LhB36FiVt_ML5BynNwrbTMXHBlrYMYDHKv7fr-4V207YlIg6tWfJiMRdzu_qeSooE4jIQIx6aML1s49f-Ri0B1CS37y5JuxrX5yqAG8oDK4QDEBXT7TWGpGoNsuTFyKiEDbJQD0BBibjsRhVHiSSidzARVzTSro8qK1SpnxWQFVotTjKG7CepcMDibvLwH_Jr5CkuCYLKtK52-cvQybIZ4Fhw0wjCJODhJJbW1bSQqThISFsFSjkb8WhpxT9Aqfic0XA true
  • Avira URL Cloud: malware
 unknown