cb72d7878e090cfebd4bf335f4b148471b5a3e359e1eafdc23bef9288b56619e | Triage

Analysis

max time kernel
273s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 09:36

Sharing

Report Analysis Logs

General

Target

zees/far.dll
Size

1.1MB
MD5

725abeeab7558add5f3c8a054510b579
SHA1

1e66ebc50adcd44ebe1571e1e4191810341795c5
SHA256

b799784456c499aaeb5942ba4deea360af24e8bc8c503ca8a8682fe6e7d70540
SHA512

e09370131985a947fe0ea7eb7545f2606b9a44b2176f89f8d212fd184371259fc2a43762e6528bbff4558ab10f87709098e638ff12d668fcec60fed76cd6c68f
SSDEEP

12288:chCqMRHPptvo8zY+jAe95NtXqWo8g5tj+5niH/Ez:i3MpzMeFtaWg5tjgifM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2552 wrote to memory of 1712	2552	rundll32.exe	rundll32.exe
PID 2552 wrote to memory of 1712	2552	rundll32.exe	rundll32.exe
PID 2552 wrote to memory of 1712	2552	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zees\far.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zees\far.dll,#1
2⤵
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-132-0x0000000000000000-mapping.dmp

Download