743b2aaedb3404e74de225ecf91ed0434fe4ee7279aa8bb6cb576316da1f3ef3 | Triage

Analysis

max time kernel
338s
max time network
511s
platform
windows10_x64
resource
win10-en
submitted
07-09-2021 17:15

Sharing

Report Analysis Logs

General

Target

FSOC/libeay32.dll
Size

1.3MB
MD5

0d51927274281007657c7f3e0df7becb
SHA1

6de3746d9d0980f5715cec6c676a8eb53b5efc49
SHA256

dfc847405be60c29e86e3e3222e7f63c1ff584727d87d3c35c25c4893e19fda0
SHA512

eef74088a94635184192d82bb6dcc0758749cb290c8deeff211881e8a280aec73a53334eff8846df618204b0f318e757eab23e76951a472ba6e086905000d9a5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 560	4044	rundll32.exe	71
PID 4044 wrote to memory of 560	4044	rundll32.exe	71
PID 4044 wrote to memory of 560	4044	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FSOC\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FSOC\libeay32.dll,#1
  2⤵
  PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads