075d90a1ffdcda0f016d17a99806fb58532e770e84d9c597a15f923b2fcb670f | Triage

Analysis

max time kernel
108s
max time network
50s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 23:52

Sharing

Report Analysis Logs

General

Target

Firebase.App.dll
Size

87KB
MD5

eda57ce86c018b7ec757ce925387a54e
SHA1

8cfa2b8b97b86b105f99ac3d6583d0a995845ba6
SHA256

5966a1c2664b3dbcd2de1b8acbfe48170df353d6344a5441fc37d12784fdf103
SHA512

90f4497959e2fad4ec9b770031dae2f18d2cbfc4afcfb64bd2e3d490cdb426af757e179ff5ff391cc307479040853e9de80713c9ad12d1d10a7bc3a005eec822
SSDEEP

1536:y/4tHJMGv/PikqCwitgddVeNzxjbPkcN4u5:y/4dJMGnKkJt+ebPkc2u5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29
PID 2720 wrote to memory of 2696	2720	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Firebase.App.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Firebase.App.dll,#1
  2⤵
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads