bf176a4b8c3cec298fe69a631aca88f9ebf3a9757d53d9ca49e1ad0bf2d8a0e9 | Triage

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 04:54

Sharing

Report Analysis Logs

General

Target

急速辅助免费版1223/前锋加速器1.6/spec.dll
Size

88KB
MD5

dd709c76001bb37d1c897093569a3924
SHA1

da91377a801c46666064343598ab58c189363049
SHA256

2cab3447f8f94d1bd60c07d8ea1824676e2b4f8d969ecbf81a44a12a0de32011
SHA512

30a5155d66d4b1f973d321a4273bf470b9245760c1774b4f5b4270c55999dc140bb8d217ac071b96bd7cab54e99c113ed9d6bd4931a981706d5d8fc595bb4210
SSDEEP

1536:xWifnTB4m33USRheexeKaf2foUDwFE0sN:kGV4Gz/jfog0S

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4192 wrote to memory of 1656	4192	rundll32.exe	rundll32.exe
PID 4192 wrote to memory of 1656	4192	rundll32.exe	rundll32.exe
PID 4192 wrote to memory of 1656	4192	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\急速辅助免费版1223\前锋加速器1.6\spec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\急速辅助免费版1223\前锋加速器1.6\spec.dll,#1
2⤵
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-132-0x0000000000000000-mapping.dmp

Download
memory/1656-133-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download
memory/1656-134-0x0000000000D60000-0x0000000000E7A000-memory.dmp

Filesize
1.1MB

Download