4103c4d4931b3f54f6924144f21ae321a281f87d851eecaf5eac67b817134e66 | Triage

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/05/2023, 16:05

Sharing

Report Analysis Logs

General

Target

blowfish.dll
Size

10KB
MD5

778b64f976b06b9efdc7f484a6dcd962
SHA1

47bceeb26eedb435164f2f5fc1edf7b8db170539
SHA256

4103c4d4931b3f54f6924144f21ae321a281f87d851eecaf5eac67b817134e66
SHA512

6500ecf4b9c2347cbb897d5ce4e250d83802e30ba741d4fce579ab1ceab000d624aa74c46b2fe32e30a87e4475cace561dae3074ee30a058a670970dd3ce1872
SSDEEP

192:erTGBDhbBx85LZD5ZGdLsz+gJHJAyZJg8D0KThxA+rAQE+tnJiO5:er99JpJgLa0Mp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27
PID 2032 wrote to memory of 704	2032	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\blowfish.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\blowfish.dll,#1
  2⤵
  PID:704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads