8364bae4e2951957403cbe3a78362edb7d41c34f49c81f0336fcb28d1510d5e1 | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 05:51

Sharing

Report Analysis Logs

General

Target

facesdk.dll
Size

984KB
MD5

2ac9de68c0def72fb18b04a9918c91cc
SHA1

02d5bbcf9e070565be1b5add17ac8b87931e1dc1
SHA256

8364bae4e2951957403cbe3a78362edb7d41c34f49c81f0336fcb28d1510d5e1
SHA512

25e237276e4a8db1b847ba96fb333e81958cbd08d99e2fbec45a06afa613d92cf47811f1d372cd5f2534dd116c3952f3faef1c5c4fc6a8d3c2d89b4cc70a6c5b
SSDEEP

12288:ij3WE93NAVMP6c6iihuu1tco20EAQk6IDTWcGY++XbvVIbRY78hPJQz:U4MDToCk6IDTWcpvVKf8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28
PID 2832 wrote to memory of 2796	2832	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\facesdk.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\facesdk.dll,#1
  2⤵
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2796-0-0x0000000074480000-0x00000000745DB000-memory.dmp

Filesize
1.4MB

Download