f93e4c97205e62be08bf62fcd18e7a8a163aa0a04525ba30a364dd2fdd5440c2 | Triage

Analysis

max time kernel
146s
max time network
161s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 13:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FBXExport.dll
Size

11.7MB
MD5

61db1a5c809838756240c782c9720972
SHA1

1644ed39a365efd9879505e3a759f3d9c4fa9c6e
SHA256

0fa89c6c5f62a467dfc9c339d26b3d333e29fceac9ac3bc294585c5cc5ddbe81
SHA512

d9d8da5b16a0ed4c6a3aadd372be5bef1a0c20ac2138c5746d545272a375466824a4b2ece4c22ea9f35618fdfb64ab4b35012806461967ffdf2b67caee5ec063
SSDEEP

196608:27jzR94le1lHvNbSNuPPoBfNaB6fo8ezIF0T:27R94uHvNbSNuPPoBpo/A0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5080	5096	WerFault.exe	70

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 5096	604	rundll32.exe	70
PID 604 wrote to memory of 5096	604	rundll32.exe	70
PID 604 wrote to memory of 5096	604	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FBXExport.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FBXExport.dll,#1
  2⤵
  PID:5096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 676
    3⤵
    - Program crash
    PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads