dd6ad4a99b065c1d95ce5b5167c8d24c8ab82f2ef9f24b1c118c0211f6bc895f | Triage

Resubmissions

03-08-2023 21:49

230803-1ptkkshe2y 3

03-08-2023 21:43

230803-1ldd7agc28 7

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03-08-2023 21:43

Sharing

Report Analysis Logs

General

Target

nerjxb2n6/libeay32.dll
Size

1.3MB
MD5

de484d5dafe3c1208da6e24af40e0a97
SHA1

3e27b636863fefd991c57e8f4657aded333292e1
SHA256

007342c6b9b956f416f556b4bd6f1077e25bd077cc4f4ac136e3fccb803746e3
SHA512

e871ba131965331dcd6e7ae0ef02734e157676c7d2bba791dae274395eaac90df3e0851bd67f1e12461287860281d488e7e82c9c11cbf4657052eec78f678c3d
SSDEEP

24576:j3mX+KpPUqBeo0DN9d4gNIm0rsZBYddjpO3qJkBYEECY:oMaeZ74gNIm0rVdxpO3qKBZEC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28
PID 1860 wrote to memory of 2608	1860	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nerjxb2n6\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\nerjxb2n6\libeay32.dll,#1
  2⤵
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads