47b2b14cf7b646cc20b42eec6183a400bf92d2c685d33f974950efa3c2b7d6c3 | Triage

Analysis

max time kernel
58s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:11

Sharing

Report Analysis Logs

General

Target

ybtbbfz/libeay32.dll
Size

1.5MB
MD5

372b62290e4cdde0b17e39777bdc77b9
SHA1

7f13989dbbad9c4693d4cf77bb14457ae3f5c3a7
SHA256

ccca2fd2496d651fb79493a6bf80f936ef483d1063125a18fd30dc026ad611d4
SHA512

2a3878698a753438aec3c2ad9ed58c9fc98964b717aecd1e2751b2e049727794bebe4bc2cefc840d1a171ff95ac403850bc001e267145771ff6c13f22f474873
SSDEEP

24576:uYxqMDFXiTHQfbBRJy/lK/MvnKBwpkRcrVz2QLFm8AW+m9sR:fMyXiTH8V4K/MQi2QLFmLW39M

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 2004	1308	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ybtbbfz\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ybtbbfz\libeay32.dll,#1
  2⤵
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-54-0x0000000000000000-mapping.dmp

Download
memory/2004-55-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download