Windows Analysis Report
rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll

Overview

General Information

Sample name: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll
(renamed file extension from com to dll)
Original sample name: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.com
Analysis ID: 1543717
MD5: c0aa0d26ea9c57aecb490ba6cd93fa8f
SHA1: dd2bd2a21665a4d5f5c8d9d46e1773c17f925130
SHA256: a78722c27a0a6b84c0e6c6f03b838514460af870833e2cf343538bcd17804fe5
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious sample
Machine Learning detection for sample
Creates a process in suspended mode (likely to inject code)
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

AV Detection

Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.4% probability
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Joe Sandbox ML: detected
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: loaddll32.exe, 00000000.00000002.2077044741.000000006C6A2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: :j8.vbPkRNPe;FeJ^lR>\5$=I_,kCIKfOW
Source: loaddll32.exe, 00000000.00000002.2077044741.000000006C6A2000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.2048051005.000000006C412000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: eiUJ5%9VbTv0wKICMR^.VbP
Source: classification engine Classification label: mal56.winDLL@10/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5812:120:WilError_03
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll,azsmqfepjdouodor
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",azsmqfepjdouodor
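The process-creation lines above show the sandbox harness (loaddll32.exe) exercising the DLL three ways: a named export (azsmqfepjdouodor), ordinal #1 through cmd.exe, and ordinal #1 directly through rundll32.exe. The following detection logic is an added example, not part of the Joe Sandbox report; it parses those exact lines (copied here as constructed input) into parent/child edges and flags rundll32 invocations that load a DLL from a user-writable path, by ordinal, or via cmd.exe. The list of user-writable locations and the reason labels are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed input: the process-creation lines from this report. The trailing
# "Jump to behavior" link text is kept on one line on purpose, as the report prints it.
DLL = r"C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll"
SAMPLE_LINES = [
    rf'Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "{DLL}"',
    r"Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
    rf'Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "{DLL}",#1',
    rf"Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe {DLL},azsmqfepjdouodor",
    rf'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "{DLL}",#1 Jump to behavior',
]

# "Source: <parent image> Process created: <child image> <command line>[ Jump to behavior]"
LINE_RE = re.compile(
    r"^Source: (?P<parent>\S+) Process created: (?P<image>\S+) (?P<cmdline>.*?)(?: Jump to behavior)?$"
)
# rundll32 syntax is "rundll32.exe <dll>,<entry> [args]"; the DLL may be quoted and
# the entry may be an ordinal written as #N instead of an export name.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>#\d+|\w+)', re.I)
# Assumed list of user-writable locations from which rundll32 should rarely load a DLL.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\(?:Desktop|Downloads|AppData)|Windows\\Temp)\\", re.I
)


def parse_events(lines):
    """Turn report lines into dicts with parent, image and cmdline; skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyse(lines):
    """Return the parent->child edges and a list of suspicious rundll32 invocations with reasons."""
    events = parse_events(lines)
    edges = [(ntpath.basename(e["parent"]), ntpath.basename(e["image"])) for e in events]
    alerts = []
    for e in events:
        # Only the child image matters: the cmd.exe line carries rundll32 in its
        # command line, but the rundll32 process is its own creation event.
        if ntpath.basename(e["image"]).lower() != "rundll32.exe":
            continue
        m = RUNDLL_RE.match(e["cmdline"])
        if not m:
            continue
        reasons = []
        if USER_WRITABLE_RE.match(m["dll"]):
            reasons.append("dll_in_user_writable_path")
        if m["entry"].startswith("#"):
            reasons.append("ordinal_export")
        if ntpath.basename(e["parent"]).lower() == "cmd.exe":
            reasons.append("spawned_via_cmd")
        if reasons:
            alerts.append({"parent": e["parent"], "dll": m["dll"], "entry": m["entry"], "reasons": reasons})
    return {"edges": edges, "alerts": alerts}


if __name__ == "__main__":
    result = analyse(SAMPLE_LINES)
    for parent, child in result["edges"]:
        print(f"{parent} -> {child}")
    for alert in result["alerts"]:
        print(f"rundll32 {alert['dll']},{alert['entry']}: {', '.join(alert['reasons'])}")
```

On a real endpoint the parent will not be loaddll32.exe (that is the sandbox's loader), so the parent check is only useful for the cmd.exe hop; the DLL path and the ordinal entry are the parts of this pattern that carry over to process-creation telemetry such as Sysmon event ID 1 or Windows Security event 4688 with command-line logging enabled.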
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Static file information: File size 21284864 > 1048576
Source: rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x143de00
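The static PE lines in this report (32-bit DLL, DYNAMIC_BASE and NX_COMPAT set, an executable .text section, a 21 MB file whose .rsrc section alone declares 0x143de00 raw bytes) all come from the PE headers. The script below is an added example, not part of the Joe Sandbox report, showing how to recover those facts from the headers with the Python standard library alone. It runs against a constructed, header-only PE32 DLL that mirrors the flags and the .rsrc raw size the report lists; the sample's hashes therefore do not match the report's, and the .rsrc bytes are declared but absent, which the script reports as a truncated section (a useful check when a submission has been cut short or padded).

```python
import hashlib
import struct

# COFF/PE flag values from the PE/COFF specification (winnt.h); only those the report cites.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
SECTION_FLAGS = {  # insertion order matches the order the report prints them
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}
ONE_MIB = 0x100000  # the report's threshold for both "big file" and "big section"


def parse_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table (headers only, no sections read)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics sits at optional-header offset 70 for both PE32 (0x10b) and PE32+ (0x20b).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections, off = [], opt + opt_size
    for _ in range(nsect):
        name, vsize, _, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr, "chars": chars})
        off += 40
    return {"machine": machine, "magic": magic, "characteristics": characteristics,
            "dll_characteristics": dll_chars, "sections": sections, "file_size": len(data)}


def section_flags(chars: int) -> list:
    return [name for name, bit in SECTION_FLAGS.items() if chars & bit]


def triage(data: bytes) -> dict:
    """Reproduce the report's static checks and add a truncation check on the section table."""
    pe = parse_pe(data)
    c, d, secs = pe["characteristics"], pe["dll_characteristics"], pe["sections"]
    wx = SECTION_FLAGS["IMAGE_SCN_MEM_WRITE"] | SECTION_FLAGS["IMAGE_SCN_MEM_EXECUTE"]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_dll": bool(c & IMAGE_FILE_DLL),
        "is_32bit": pe["machine"] == IMAGE_FILE_MACHINE_I386 and bool(c & IMAGE_FILE_32BIT_MACHINE)
                    and pe["magic"] == 0x10B,
        "dynamic_base": bool(d & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(d & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "big_file": pe["file_size"] > ONE_MIB,
        "section_flags": {s["name"]: section_flags(s["chars"]) for s in secs},
        "oversized_sections": [s["name"] for s in secs if s["raw_size"] > ONE_MIB],
        "wx_sections": [s["name"] for s in secs if s["chars"] & wx == wx],
        # Declared raw data that runs past the end of the file: truncated upload or padded header.
        "truncated_sections": [s["name"] for s in secs if s["raw_ptr"] + s["raw_size"] > pe["file_size"]],
    }


def build_sample() -> bytes:
    """Constructed header-only PE32 DLL with the flags the report lists (not the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2, 0, 0, 0, 224,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes

    def section(name, vsize, va, raw_size, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)

    text = section(b".text", 0x1000, 0x1000, 0x200, 0x400,
                   SECTION_FLAGS["IMAGE_SCN_CNT_CODE"] | SECTION_FLAGS["IMAGE_SCN_MEM_EXECUTE"]
                   | SECTION_FLAGS["IMAGE_SCN_MEM_READ"])
    # .rsrc declares the report's 0x143de00 raw bytes, but this sample does not carry them.
    rsrc = section(b".rsrc", 0x143E000, 0x2000, 0x143DE00, 0x600,
                   SECTION_FLAGS["IMAGE_SCN_CNT_INITIALIZED_DATA"] | SECTION_FLAGS["IMAGE_SCN_MEM_READ"])
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rsrc).ljust(0x800, b"\0")


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

On the real 21284864-byte file, big_file would be true and truncated_sections empty; an oversized .rsrc on a file of this size is the classic padding trick that keeps a sample above upload and scan limits, so the raw sizes are worth checking before anything is executed.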
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
No contacted IP infos