Overview

overview

10

Static

static

10

bf41e49fcd...fc.dll

windows7-x64

1

bf41e49fcd...fc.dll

windows10-2004-x64

Analysis

  • max time kernel
    37s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll

  • Size

    21KB

  • MD5

    7ac32384b1401d9be5a1822df841d23d

  • SHA1

    88926d7da2c30791dbc555b9cfd7622089df0172

  • SHA256

    bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc

  • SHA512

    92d8c2613df07670817695657bb3c0e8169f81a9706d42a341de2b3aa2645fe0d879b48cdc2cc2c852a2139a0bf87f8131628e67d5a04bd762f68b1dbf1a18e4

  • SSDEEP

    384:sJshczEHvm1LCieXp1DRoBLLoRvK3V7m6sTsWtttOa/CchYlWiy:spzEHvypF0Z+V7rsTsitZ/CchYla

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll,#1
      2⤵
        PID:1968

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1968-54-0x0000000000000000-mapping.dmp
      Download
    • memory/1968-55-0x00000000754E1000-0x00000000754E3000-memory.dmp
      Filesize

      8KB

      Download