936761f5470a0a61cb4fe6b769af4019d9e45c988f238576aad47c0cce0bed75 | Triage

Resubmissions

08/02/2023, 19:48

230208-yh5yxsfc45 1

Analysis

max time kernel
1s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08/02/2023, 19:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OnlineFix.dll
Size

4.5MB
MD5

e2f15dc78c24482284656fed90acd2b8
SHA1

8f61a9d2202fe6e960bbd9f712994a4950987855
SHA256

936761f5470a0a61cb4fe6b769af4019d9e45c988f238576aad47c0cce0bed75
SHA512

12e3215993e6f54f12795e540eb858ae1e4b7537a0d1be58d5dd485c43d9b726f742e5386c05993098ea2b133c8b726e6441762441b86ac579590db270e8f1a2
SSDEEP

98304:sMP68mpeGoYOOZo1F+ChiHRW36p0+4huE66h0PYgbtt:sMif1fOOZYhkW36Cioh0nR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27
PID 1524 wrote to memory of 1560	1524	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OnlineFix.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\OnlineFix.dll,#1
  2⤵
  PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1560-56-0x00000000731A0000-0x0000000073993000-memory.dmp

Filesize
7.9MB

Download