36f4a643b55ba7dcba92c8a8e1ef5f05bf2acc1d866ea1d8752a926f848cca44 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CrossFire WallHack by F.R.sesin/CFHack.dll
Size

36KB
MD5

2c39a91813a95c70034d0700c31e07c8
SHA1

7f38765d499f913b738703ffae861f28cc6eacff
SHA256

197264a261b50d0c9b7cf352ddf12c1e8c0ccfb055d09d3e7b68f1f14c1cb702
SHA512

3b5b36cac86ac7438b41cee251a79b2f773c6560a6d981bdbddd2e7e273935d774831a3c0583c87d2646b953a372dfcf9d8be7f5b4c1540dee8f65c7380285ff
SSDEEP

768:kE2yuTbulwUo+Mt4nESliB9Uf2f3+snN58zo4r:ruTb0oNSnH4Xoo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28
PID 2508 wrote to memory of 2472	2508	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CrossFire WallHack by F.R.sesin\CFHack.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CrossFire WallHack by F.R.sesin\CFHack.dll",#1
  2⤵
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads