aa2dde9e8c85b387267d9983c1612b08f73b164df203d2494f585fd9c1089bd4 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-es
resource tags

arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
submitted
28/12/2022, 09:50

Sharing

Report Analysis Logs

General

Target

ssleay32.dll
Size

152KB
MD5

98b60bad042406d0fee9d794943aa402
SHA1

26b379fb24331001091776645e5686daa21052b2
SHA256

a3e6757fa8f8a60f35c3e0ac58ea12407f07553527190d3b7b2caef31e544da5
SHA512

e3a582b97cddebc0f348dd7d72b35431560f14a418657aa63920d55f46253f0d6fdcff46c75d400645a4558f79f404566cabca85b6e797bfcd044e78ce7aeeb4
SSDEEP

3072:glz3GKJMgi8Mz6ag/Z+hs4vKSY7uZ7asCpGv:glKKigi8Mfhs0Krs6y

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28
PID 864 wrote to memory of 276	864	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
  2⤵
  PID:276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/276-55-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download
memory/276-56-0x00000000001C0000-0x000000000026A000-memory.dmp

Filesize
680KB

Download