Windows Analysis Report
e.dll

Overview

General Information

Sample name: e.dll
Analysis ID: 1523389
MD5: 972d3e17b96745be89b80ec5d8f4f9d3
SHA1: e97c6461bbdcd91566f4cb75b456e399b7fe06c2
SHA256: b116511e3960ab5fa53ad6a3243240be11235ebdc323705827713cf12a9aeeda
Infos:

Detection

Dridex Dropper
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Dridex dropper found
Found detection on Joe Sandbox Cloud Basic
System process connects to network (likely due to code injection or exploit)
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Abnormal high CPU Usage
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: e.dll Avira: detected
Machine Learning detection for sample
Source: e.dll Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 GetTickCount,SHGetValueA,SHSetValueA,UuidCreateSequential,sprintf,RtlComputeCrc32,GlobalAlloc,sprintf,RtlComputeCrc32,sprintf,RtlComputeCrc32,sprintf,GetModuleFileNameA,sprintf,GetCommandLineA,sprintf,memset,CryptBinaryToStringA,sprintf,memset,EnumDisplaySettingsA,sprintf,memcpy,memcpy,memset,GlobalFree,CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptEncrypt,CryptBinaryToStringA,memset,GlobalFree,URLDownloadToCacheFileA,lstrlen,memset,GlobalFree,_lopen,_hread,_lclose,WinExec,GlobalFree, 3_2_27AC1120
Uses 32bit PE files
Source: e.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: unknown HTTPS traffic detected: 104.21.69.9:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: Binary string: a:\s7i.pdbL source: e.dll
Source: Binary string: a:\s7i.pdb source: loaddll32.exe, 00000000.00000002.89094776577.000000000040F000.00000002.00000001.01000000.00000003.sdmp, e.dll
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982A81 FindFirstFileW, 3_3_06982A81

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 104.21.69.9 443 Jump to behavior
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /S2wueuBWcKItxJBxaKQWGAqL7hMS3sfSm3IIJcJI-UnDuhqZF3FZYmhcdfYjgTH9ls8toERqLL6uvqWxks5TXG7p4KTZE3NtE0QUExXonRRsVxuWAUUUBfY4OBn0j6WOD9WysDP09mb9Mw2zw25E4216qfUiBb1_-f0hXmBwm-5V3zs05mClVySIs4Q2owQXkeB3urgLrouGFuJF9ZudjP54bzXceldzNx2o8pCLFM6WK1vNqyQJ4ZGEs5wabg119exWDBy_U0fDfIKkmquk4nx095rTVG61p-61BBPfkxzOTkQYmZHX6uOiApQ41hZ0OE5yH5VhrRws_4Dk7blD-zRqQGci0UruB3OYd7fIEanuxbGDB6PoPMh8nJxhyUjELjSu3EwICQdnYkBbiVs2LkVCWKmmn2lIaQTzB-OoNpw-dg1CW7D5qiS6SoaepRg HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: w0t.lolConnection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 GetTickCount,SHGetValueA,SHSetValueA,UuidCreateSequential,sprintf,RtlComputeCrc32,GlobalAlloc,sprintf,RtlComputeCrc32,sprintf,RtlComputeCrc32,sprintf,GetModuleFileNameA,sprintf,GetCommandLineA,sprintf,memset,CryptBinaryToStringA,sprintf,memset,EnumDisplaySettingsA,sprintf,memcpy,memcpy,memset,GlobalFree,CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptEncrypt,CryptBinaryToStringA,memset,GlobalFree,URLDownloadToCacheFileA,lstrlen,memset,GlobalFree,_lopen,_hread,_lclose,WinExec,GlobalFree, 3_2_27AC1120
Source: global traffic HTTP traffic detected: GET /S2wueuBWcKItxJBxaKQWGAqL7hMS3sfSm3IIJcJI-UnDuhqZF3FZYmhcdfYjgTH9ls8toERqLL6uvqWxks5TXG7p4KTZE3NtE0QUExXonRRsVxuWAUUUBfY4OBn0j6WOD9WysDP09mb9Mw2zw25E4216qfUiBb1_-f0hXmBwm-5V3zs05mClVySIs4Q2owQXkeB3urgLrouGFuJF9ZudjP54bzXceldzNx2o8pCLFM6WK1vNqyQJ4ZGEs5wabg119exWDBy_U0fDfIKkmquk4nx095rTVG61p-61BBPfkxzOTkQYmZHX6uOiApQ41hZ0OE5yH5VhrRws_4Dk7blD-zRqQGci0UruB3OYd7fIEanuxbGDB6PoPMh8nJxhyUjELjSu3EwICQdnYkBbiVs2LkVCWKmmn2lIaQTzB-OoNpw-dg1CW7D5qiS6SoaepRg HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: w0t.lolConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: w0t.lol
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Oct 2024 13:14:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateCF-Cache-Status: DYNAMICSpeculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8cbcb62419383343-MIA
Source: rundll32.exe, 00000003.00000002.84973852233.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857080785.00000000033CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rundll32.exe, 00000003.00000002.84973852233.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857080785.00000000033CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: rundll32.exe, 00000003.00000002.84973852233.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857080785.00000000033CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: rundll32.exe, 00000003.00000003.84857412676.00000000033AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.84973750078.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857294274.000000000339C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: rundll32.exe, 00000003.00000002.84973852233.00000000033CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857080785.00000000033CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: rundll32.exe, 00000003.00000003.84857294274.000000000339C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.84973703050.000000000339D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/
Source: rundll32.exe, 00000003.00000002.84973505391.0000000003352000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.84973703050.000000000339D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/S2wueuBWcKItxJBxaKQWGAqL7hMS3sfSm3IIJcJI-UnDuhqZF3FZYmhcdfYjgTH9ls8toERqLL6uvqWxks5T
Source: rundll32.exe, 00000003.00000002.84973703050.000000000339D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/T
Source: rundll32.exe, 00000003.00000003.84857294274.000000000339C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.84973703050.000000000339D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w0t.lol/v
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown HTTPS traffic detected: 104.21.69.9:443 -> 192.168.11.20:49768 version: TLS 1.2

E-Banking Fraud
barindex
Dridex dropper found
Source: Initial file Signature Results: Dridex dropper behavior

System Summary
barindex
Found detection on Joe Sandbox Cloud Basic
Source: e.dll Joe Sandbox Cloud Basic: Detection: malicious Score: 80 Threat Name: Dridex Dropper Analyzer: w10x64native Perma Link
Abnormal high CPU Usage
Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 6%
Contains functionality to call native functions
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06966790 NtQueryDirectoryObject, 3_3_06966790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696D969 NtQuerySystemInformation, 3_3_0696D969
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B2084 NtCreateThreadEx, 3_2_051B2084
Contains functionality to communicate with device drivers
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695D53D: DeviceIoControl, 3_3_0695D53D
Detected potential crypto function
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0533E58D 3_3_0533E58D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0683112C 3_3_0683112C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_068318AC 3_3_068318AC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06835AF1 3_3_06835AF1
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06833334 3_3_06833334
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_068349DC 3_3_068349DC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06832F7C 3_3_06832F7C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0683371C 3_3_0683371C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06931290 3_3_06931290
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695D090 3_3_0695D090
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06966790 3_3_06966790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06962790 3_3_06962790
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982C90 3_3_06982C90
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695D780 3_3_0695D780
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982A81 3_3_06982A81
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06966CBB 3_3_06966CBB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696C3A0 3_3_0696C3A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06968DA0 3_3_06968DA0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696A5D6 3_3_0696A5D6
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06932BD6 3_3_06932BD6
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696CFC0 3_3_0696CFC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696F1F3 3_3_0696F1F3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069689F0 3_3_069689F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069712F0 3_3_069712F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069852F2 3_3_069852F2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696E3E0 3_3_0696E3E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696C5E0 3_3_0696C5E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06960EE0 3_3_06960EE0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06984F10 3_3_06984F10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06970206 3_3_06970206
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696CD00 3_3_0696CD00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06983C00 3_3_06983C00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696BB30 3_3_0696BB30
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695D53D 3_3_0695D53D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06962625 3_3_06962625
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06962220 3_3_06962220
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06987F59 3_3_06987F59
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06961370 3_3_06961370
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696DB70 3_3_0696DB70
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696CB60 3_3_0696CB60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982360 3_3_06982360
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06984C60 3_3_06984C60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696D969 3_3_0696D969
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06985990 3_3_06985990
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0693338A 3_3_0693338A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06935489 3_3_06935489
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0693308E 3_3_0693308E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0693408E 3_3_0693408E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069335BB 3_3_069335BB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695CDD0 3_3_0695CDD0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696A7D0 3_3_0696A7D0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069333D5 3_3_069333D5
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069709D0 3_3_069709D0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069336DC 3_3_069336DC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06932DC0 3_3_06932DC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696D4C0 3_3_0696D4C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06971DC0 3_3_06971DC0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069330CB 3_3_069330CB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069332CE 3_3_069332CE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069855F0 3_3_069855F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06932DFE 3_3_06932DFE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069821E0 3_3_069821E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06946014 3_3_06946014
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933611 3_3_06933611
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06968510 3_3_06968510
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06962D10 3_3_06962D10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06971110 3_3_06971110
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06931000 3_3_06931000
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933106 3_3_06933106
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06970400 3_3_06970400
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696FE30 3_3_0696FE30
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06987830 3_3_06987830
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933322 3_3_06933322
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933028 3_3_06933028
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695E450 3_3_0695E450
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0695E850 3_3_0695E850
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933055 3_3_06933055
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06985F50 3_3_06985F50
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933358 3_3_06933358
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696C142 3_3_0696C142
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06968640 3_3_06968640
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696FB40 3_3_0696FB40
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982640 3_3_06982640
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06932E4E 3_3_06932E4E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696DE70 3_3_0696DE70
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0693327A 3_3_0693327A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0696A160 3_3_0696A160
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06933665 3_3_06933665
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06970C60 3_3_06970C60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_05091680 3_2_05091680
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_050922A8 3_2_050922A8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_05091EAF 3_2_05091EAF
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_05091698 3_2_05091698
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_05094094 3_2_05094094
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0509252C 3_2_0509252C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_05094458 3_2_05094458
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_050945E8 3_2_050945E8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051BA900 3_2_051BA900
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B163D 3_2_051B163D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051BA660 3_2_051BA660
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B2084 3_2_051B2084
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B22A0 3_2_051B22A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B71D2 3_2_051B71D2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B7410 3_2_051B7410
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_051B1240 3_2_051B1240
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 3_2_27AC1120
PE file contains more sections than normal
Source: e.dll Static PE information: Number of sections : 13 > 10
Uses 32bit PE files
Source: e.dll Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: e.dll Static PE information: Section: z4g ZLIB complexity 0.9946666190294715
Source: e.dll Static PE information: Section: qm ZLIB complexity 0.9991314643252213
Source: e.dll Static PE information: Section: L ZLIB complexity 0.9966262291217672
Source: classification engine Classification label: mal72.bank.evad.winDLL@6/0@1/1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5060:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5060:304:WilStaging_02
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\e.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: z55x9i2q7.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security Jump to behavior
Source: e.dll Static file information: File size 2228224 > 1048576
Source: e.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: a:\s7i.pdbL source: e.dll
Source: Binary string: a:\s7i.pdb source: loaddll32.exe, 00000000.00000002.89094776577.000000000040F000.00000002.00000001.01000000.00000003.sdmp, e.dll
PE file contains sections with non-standard names
Source: e.dll Static PE information: section name: .crt1
Source: e.dll Static PE information: section name: z4g
Source: e.dll Static PE information: section name: qm
Source: e.dll Static PE information: section name: L
Source: e.dll Static PE information: section name: CONST
Source: e.dll Static PE information: section name: 3
Source: e.dll Static PE information: section name: buicKDZl
Source: e.dll Static PE information: section name: CRT
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0060996B pushfd ; ret 0_2_0060997B
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00570E37 push eax; retf 0_2_00570E3E
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0060D1F4 push edi; ret 0_2_0060D1F5
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_006099DB pushfd ; iretd 0_2_006099DC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0533D5C8 push ebp; retf 3_3_0533D5C9
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_069825F0 push esi; mov dword ptr [esp], ecx 3_3_069825F4
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: \KnownDlls32\TeSTAPp.EXE Jump to behavior
Found decision node followed by non-executed suspicious APIs
Source: C:\Windows\SysWOW64\rundll32.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_06982A81 FindFirstFileW, 3_3_06982A81
Source: rundll32.exe, 00000003.00000002.84973750078.00000000033B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.84857412676.00000000033B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.84973505391.0000000003352000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: rundll32.exe, 00000003.00000002.84973505391.0000000003352000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWJ
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_03290005 VirtualAlloc,LoadLibraryA,LdrGetProcedureAddress,VirtualProtect, 3_2_03290005
Contains functionality to read the PEB
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_0040C340 mov eax, dword ptr fs:[00000030h] 0_2_0040C340
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_03290391 mov eax, dword ptr fs:[00000030h] 3_2_03290391
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_27AC1120 mov ebx, dword ptr fs:[00000030h] 3_2_27AC1120

HIPS / PFW / Operating System Protection Evasion
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 104.21.69.9 443 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\e.dll",#1 Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_00401090 cpuid 0_2_00401090
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523389 Sample: e.dll Startdate: 01/10/2024 Architecture: WINDOWS Score: 72 19 w0t.lol 2->19 25 Antivirus / Scanner detection for submitted sample 2->25 27 Dridex dropper found 2->27 29 Found detection on Joe Sandbox Cloud Basic 2->29 31 Machine Learning detection for sample 2->31 8 loaddll32.exe 1 2->8         started        signatures3 process4 signatures5 33 Tries to detect sandboxes / dynamic malware analysis system (file name check) 8->33 11 cmd.exe 1 8->11         started        13 conhost.exe 8->13         started        process6 process7 15 rundll32.exe 1 12 11->15         started        dnsIp8 21 w0t.lol 104.21.69.9, 443, 49768 CLOUDFLARENETUS United States 15->21 23 System process connects to network (likely due to code injection or exploit) 15->23 signatures9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.69.9
 w0t.lol United States
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
w0t.lol 104.21.69.9 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://w0t.lol/S2wueuBWcKItxJBxaKQWGAqL7hMS3sfSm3IIJcJI-UnDuhqZF3FZYmhcdfYjgTH9ls8toERqLL6uvqWxks5TXG7p4KTZE3NtE0QUExXonRRsVxuWAUUUBfY4OBn0j6WOD9WysDP09mb9Mw2zw25E4216qfUiBb1_-f0hXmBwm-5V3zs05mClVySIs4Q2owQXkeB3urgLrouGFuJF9ZudjP54bzXceldzNx2o8pCLFM6WK1vNqyQJ4ZGEs5wabg119exWDBy_U0fDfIKkmquk4nx095rTVG61p-61BBPfkxzOTkQYmZHX6uOiApQ41hZ0OE5yH5VhrRws_4Dk7blD-zRqQGci0UruB3OYd7fIEanuxbGDB6PoPMh8nJxhyUjELjSu3EwICQdnYkBbiVs2LkVCWKmmn2lIaQTzB-OoNpw-dg1CW7D5qiS6SoaepRg true
    		unknown