Cuckoo Sandbox

Category	Started On	Completed On	Duration	Cuckoo Version
FILE	2022-02-18 14:52:41.803827	2022-02-18 14:53:08.927498	27 seconds	2.0-dev

Machine	Label	Manager	Started On	Shutdown On
win7cuckoo	win7 Clone 1	VirtualBox	2022-02-18 14:52:42	2022-02-18 14:53:08

File Details

File name

40bffba8deebcfa89ff78591d1697290a8f8145d.bin

File size

27016 bytes

File type

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

CRC32

1D3D3684

MD5

6f6a6e38715c9b3838f95e03fa0567f3

SHA1

40bffba8deebcfa89ff78591d1697290a8f8145d

SHA256

b1eab91db2cb293c153d0cb5ebf1ac3a9d50ac75d050403e8b9e1ec68881bd5f

SHA512

b1ecc5e8aff711a0ec8aa9d8415e1b26b06bc8e5607f26baba34506c30849b091e2fb3ea7051471000640c869aa9024e09749cbeac5595c16a4806d15f3221c2

Ssdeep

None

PEiD

None matched

Yara

contains_base64 (This rule finds for base64 strings)
IsPE32 ()
IsDLL ()
IsWindowsGUI ()
HasOverlay (Overlay Check)
HasDebugData (DebugData Check)
ImportTableIsBad (ImportTable Check)
HasRichSignature (Rich Signature Check)

VirusTotal

Permalink
VirusTotal Scan Date: 2022-01-27 07:15:53
Detection Rate: 0/63 (Expand)

Antivirus	Version	Result
AhnLab-V3	3.21.2.10258	Clean
Alibaba	0.3.0.5	Clean
ALYac	1.1.3.1	Clean
Antiy-AVL	3.0.0.1	Clean
APEX	6.253	Clean
Avast	21.1.5827.0	Clean
Avira	8.3.3.12	Clean
Baidu	1.0.0.2	Clean
BitDefender	7.2	Clean
BitDefenderTheta	7.2.37796.0	Clean
Bkav	1.3.0.9899	Clean
CAT-QuickHeal	14.00	Clean
ClamAV	0.104.2.0	Clean
CMC	2.10.2019.1	Clean
Comodo	34299	Clean
CrowdStrike	1.0	Clean
Cylance	2.3.1.101	Clean
Cynet	4.0.0.27	Clean
Cyren	6.5.1.2	Clean
DrWeb	7.0.52.8270	Clean
Elastic	4.0.32	Clean
Emsisoft	2021.5.0.7597	Clean
ESET-NOD32	24687	Clean
F-Secure	12.0.86.52	Clean
FireEye	32.44.1.0	Clean
Fortinet	6.2.142.0	Clean
GData	A:25.32151B:27.26123	Clean
Gridinsoft	1.0.70.172	Clean
Ikarus	0.1.5.2	Clean
Jiangmin	16.0.100	Clean
K7AntiVirus	11.243.40536	Clean
K7GW	11.243.40534	Clean
Kaspersky	21.0.1.45	Clean
Kingsoft	2017.9.26.565	Clean
Lionic	4.2	Clean
Malwarebytes	4.2.2.27	Clean
MAX	2019.9.16.1	Clean
MaxSecure	1.0.0.1	Clean
McAfee	6.0.6.653	Clean
McAfee-GW-Edition	v2019.1.2+3728	Clean
Microsoft	1.1.18800.4	Clean
MicroWorld-eScan	14.0.409.0	Clean
NANO-Antivirus	1.0.146.25561	Clean
Paloalto	1.0	Clean
Panda	4.6.4.2	Clean
Rising	25.0.0.27	Clean
Sangfor	2.9.0.0	Clean
SentinelOne	7.0.0.7	Clean
Sophos	1.4.1.0	Clean
SUPERAntiSpyware	5.6.0.1032	Clean
Symantec	1.16.0.0	Clean
TACHYON	2022-01-27.02	Clean
Tencent	1.0.0.1	Clean
TrendMicro	11.0.0.1006	Clean
TrendMicro-HouseCall	10.0.0.1040	Clean
VBA32	5.0.0	Clean
VIPRE	98492	Clean
VirIT	9.5.120	Clean
ViRobot	2014.3.20.0	Clean
Webroot	1.0.0.403	Clean
Yandex	5.5.2.24	Clean
Zillya	2.0.0.4557	Clean
Zoner	2.2.2.0	Clean

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1645213994]=0): Snort Events=0, AV Events=0
Total Score=50

Signatures

nolookup_communication details

Screenshots

No screenshots available.

Static Analysis

Version Infos

LegalCopyright:	Copyright \xa9 1995-2006 Microsoft Corporation.
InternalName:	ppcrlconfig600
FileVersion:	16.000.28985.00
CompanyName:	Microsoft Corporation
LegalTrademarks:	Microsoft\xae is a registered trademark of Microsoft Corporation.
ProductName:	Microsoft\xae Windows Live ID
ProductVersion:	16.000.28985.00
FileDescription:	Passport CRL configuration
OriginalFilename:	ppcrlconfig600.dll
Translation:	0x0409 0x04b0

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.rdata	0x00001000	0x00000070	0x00000200	0.991548493219
.rsrc	0x00002000	0x00004308	0x00004400	5.71972703582

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x000020a0	0x0000041c	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
None	0x000024c0	0x00003e48	LANG_ENGLISH	SUBLANG_ENGLISH_US	XML document text

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

IP Address
70.186.27.9
8.8.8.8

DNS Requests

Domain	IP Address
armmf.adobe.com	23.3.84.164
dns.msftncsi.com	131.107.255.255
teredo.ipv6.microsoft.com	54.241.176.34
ipv6.msftncsi.com

HTTP Requests

URL	Data
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f	GET /msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ctldl.windowsupdate.com

Behavior Summary

Registry Key-Read

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\40bffba8deebcfa89ff78591d1697290a8f8145d.bin.dll,DllMain PID: 4036, Parent PID: 3320

Volatility

Nothing to display.