743b2aaedb3404e74de225ecf91ed0434fe4ee7279aa8bb6cb576316da1f3ef3 | Triage

Analysis

max time kernel
364s
max time network
404s
platform
windows7_x64
resource
win7v20210408
submitted
07-09-2021 17:15

Sharing

Report Analysis Logs

General

Target

FSOC/libeay32.dll
Size

1.3MB
MD5

0d51927274281007657c7f3e0df7becb
SHA1

6de3746d9d0980f5715cec6c676a8eb53b5efc49
SHA256

dfc847405be60c29e86e3e3222e7f63c1ff584727d87d3c35c25c4893e19fda0
SHA512

eef74088a94635184192d82bb6dcc0758749cb290c8deeff211881e8a280aec73a53334eff8846df618204b0f318e757eab23e76951a472ba6e086905000d9a5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11
PID 1832 wrote to memory of 1176	1832	rundll32.exe	11

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FSOC\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FSOC\libeay32.dll,#1
  2⤵
  PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1176-61-0x00000000762C1000-0x00000000762C3000-memory.dmp

Filesize
8KB

Download