6da7aa72ea5447f380b60ec9ee536e1f9ec6405a3e7885f56f87a9ed15d21dcd | Triage

Analysis

max time kernel
73s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2023, 05:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OnlineFix.dll
Size

4.1MB
MD5

29796f982013eab7ee50cba7caed77d5
SHA1

0d518c8d948f563c57018d65c03d53437409222c
SHA256

6da7aa72ea5447f380b60ec9ee536e1f9ec6405a3e7885f56f87a9ed15d21dcd
SHA512

547c39ada0fb8041574e8f8405a77ea35778574ef956df8d88acd0b560f2604ea060abc3c7e934c1f04f134ff252be9ff6d4a059e7acd51f6c70093660f481a5
SSDEEP

98304:33SjvLgD/4W+/W3MhstFEV8KxaNFVBy7OW8OB2Ao9PPzFU/98MB:oLd+MhM6OLOB2lPpUF8k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 1524	572	rundll32.exe	82
PID 572 wrote to memory of 1524	572	rundll32.exe	82
PID 572 wrote to memory of 1524	572	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OnlineFix.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\OnlineFix.dll,#1
  2⤵
  PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-133-0x0000000074620000-0x0000000074D7B000-memory.dmp

Filesize
7.4MB

Download