bc592cb6413c3c0eed04f0f9a553434fc07f072e15617aeca3ed14dfb0f1592f | Triage

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcfr.dll
Size

56KB
MD5

4ae50222097c484c111651d1e8cd0256
SHA1

22f1189711b9ecaf56e45a50add2a9940e19f86f
SHA256

bc592cb6413c3c0eed04f0f9a553434fc07f072e15617aeca3ed14dfb0f1592f
SHA512

75046136324dde3fae8ad1a7f0394709f004753074c720edc774ef6a4ca9b249e1f23fca14abe4cbc2acea536fd1ff73cf74c00af6b11a128bda0a7e5c1c5fac
SSDEEP

768:J7vnhJKp6hXNwFDy2NENOMbJamcTFZWR3NJurYJUnio9SFwb8Ffd:M6UFO2NENpx6FY9Msaiopb8Ffd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28
PID 944 wrote to memory of 1728	944	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcfr.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcfr.dll,#1
  2⤵
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download