2c73333d01cf79c1a643e0e152dbfe90cfddadac7d0dcb41beaf0db455968adf | Triage

Analysis

max time kernel
28s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/03/2023, 16:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

psftp.dll
Size

258KB
MD5

11800b982e3812f6019733491477ee68
SHA1

93783b910389a12952f3e517775d9e353bd41b1c
SHA256

de38efc712e94efbf9a84ffb71c7052f8c7eb1e4142c8cc7b2eeedbd79bc4bca
SHA512

c0b081f38ef1a599e5713230d5cff9b3c3d0f1e4306f5cdc7469a56301aa90990b1d88ab50c70e5249e2f4831165feff31fa32c3016895d99a4bed3b67fcf624
SSDEEP

6144:iN50cwBh8+jcu07adCWHEn7hRpnEZtb/LKqqD2sX9pU2:PcwLwurdCWHEnrpEt3qdNp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	2016	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1064	2016	rundll32.exe	28
PID 2016 wrote to memory of 1064	2016	rundll32.exe	28
PID 2016 wrote to memory of 1064	2016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\psftp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2016 -s 92
  2⤵
  - Program crash
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads