Overview

overview

10

Static

static

f0t0s.dll

windows7_x64

4

f0t0s.dll

windows10_x64

10

Analysis

  • max time kernel
    2s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    21-01-2021 07:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0t0s.dll

  • Size

    141KB

  • MD5

    eecfc005c040236b5818d7e8f775ffed

  • SHA1

    42bb1cfe2532023f6a099328e7a8f08dcd145231

  • SHA256

    cd773a8e18731c4d551faf1dcc8eb050c7eac19c9758a145f91c1dfa79361db8

  • SHA512

    ad9e6f52e5e2920369a003c98539c212e9ce839ff211cf3059468ba565fce345277611b893e8c2f546108cb9cd921c20c32ec8da5ce78de298b738f7b2221cf1

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f0t0s.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\f0t0s.dll
      2⤵
      • Drops file in Windows directory
      PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1908-2-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1984-3-0x0000000000000000-mapping.dmp

    Download

  • memory/1984-4-0x0000000076271000-0x0000000076273000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1984-5-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-6-0x00000000001B0000-0x00000000001D9000-memory.dmp

    Filesize

    164KB

    Download