b3e17f58f4cc6c5c1bdb80404faafe9a6b9a7451c6f285923c93501dfa431a4a | Triage

Analysis

max time kernel
12s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 22:29

Sharing

Report Analysis Logs

General

Target

fatality.dll
Size

51KB
MD5

9ed19e1d4c93ca790c56f618be9750d8
SHA1

149f4c1ddad3b8c60f396d12b8bdccd408c88df3
SHA256

b3e17f58f4cc6c5c1bdb80404faafe9a6b9a7451c6f285923c93501dfa431a4a
SHA512

44b134b5305a66c87b127b361608b8e4c1d06809c4e84696695bd652810736a4008c2839454580e59abaec088c5fb4921e10f0ecd26a013ab899256b8a4d0fb7
SSDEEP

768:E5lgvGMBj8zAnvFkMJdk7y3LzdA4TuHrGGktmnRB:cGGMBfnvrvLz3WWQnr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2288	1964	rundll32.exe	83
PID 1964 wrote to memory of 2288	1964	rundll32.exe	83
PID 1964 wrote to memory of 2288	1964	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fatality.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fatality.dll,#1
  2⤵
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads