47b2b14cf7b646cc20b42eec6183a400bf92d2c685d33f974950efa3c2b7d6c3 | Triage

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:11

Sharing

Report Analysis Logs

General

Target

ybtbbfz/ssleay32.dll
Size

305KB
MD5

5160c01c27902af4a101ad40f3806b2d
SHA1

15dcc5cd89cef5b5c7279945ff755cb048d2a3aa
SHA256

7758cea6ce6d26c20ffec118793d8aa46ea3e10540974169eb2f5fe55cd59d15
SHA512

0265f379078b853640845852e481a4db85975da03b49091498a669afaeecdc690e601c46ab3ff50bd30f0b68360104cfb9c87e080f163bbda1d4436268d383cd
SSDEEP

6144:yVipv1RSqPRNwmxgj2i1IqoaV/5jeK9GRtg:yV8R9LwYgjbVVCg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 1560	1344	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ybtbbfz\ssleay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ybtbbfz\ssleay32.dll,#1
2⤵
PID:1560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-54-0x0000000000000000-mapping.dmp

Download
memory/1560-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download