Overview

overview

1

Static

static

fcfd6c7c2f...cd.dll

windows7-x64

1

fcfd6c7c2f...cd.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    202s
  • max time network
    221s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcfd6c7c2f669aba1e8a24dfd0e138ffca2ba3cf140faee7b543f069a605fdcd.dll

  • Size

    195KB

  • MD5

    ac1937ff8a2a411efb7c5400d8df2bc5

  • SHA1

    152edc88462c8c2172e9b633f231d9713b7c5f8b

  • SHA256

    fcfd6c7c2f669aba1e8a24dfd0e138ffca2ba3cf140faee7b543f069a605fdcd

  • SHA512

    0f97b1cf55d2fb08b9c468fd4c825ed8327da0bb26b7ee3474e404fcba6bfbf499f6db9cd8f2d0d3dcc7a7a7c4b82fa3513688302985c3f5bd14f058e42ded18

  • SSDEEP

    6144:RIJDXDgvd7p9iGS880k3Yf1MD1QlENUvpJKAJ:RI617p9iF83nt4mlENAK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcfd6c7c2f669aba1e8a24dfd0e138ffca2ba3cf140faee7b543f069a605fdcd.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcfd6c7c2f669aba1e8a24dfd0e138ffca2ba3cf140faee7b543f069a605fdcd.dll,#1
      2⤵
        PID:1972

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1972-132-0x0000000000000000-mapping.dmp
      Download