9a3245e6d3af81f8f515fca1dee9dc5e3aad9c2d263825ce975e2f2d19aa44e4 | Triage

Analysis

max time kernel
87s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 03:06

Sharing

Report Analysis Logs

General

Target

Smartphone.Tycoon MT/ffmpeg.dll
Size

1.3MB
MD5

74c32aeaad4d0a45a25395acb42bb7b9
SHA1

f8d1bb47c1c1b9831d999acf726e55e9497138f1
SHA256

d487eaf8d444f5f72d0afb822e97096ef168feee4b0b9ee09fe59c812969c5d9
SHA512

b688fe3d45e31649883652900a470b10081c8109e720822194de764ee311aba8a24dc56b0799e07168d612bddb2d280c141d5bed2dc17eff7905550ec445c9cd
SSDEEP

24576:723uIlxSnEWR3EjvjfD5Z7kM4p4UG6wn+BKhykOMODT:clBWMjr5Zv4p1wnVXOMOD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3592 wrote to memory of 1584	3592	rundll32.exe	rundll32.exe
PID 3592 wrote to memory of 1584	3592	rundll32.exe	rundll32.exe
PID 3592 wrote to memory of 1584	3592	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\ffmpeg.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Smartphone.Tycoon MT\ffmpeg.dll",#1
2⤵
PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...