b332bda0f132d11c7e8ada1042126c48ec9353db0379024ccee9d8406df6b13f | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 04:07

Sharing

Report Analysis Logs

General

Target

3Dfx/Napalm/Glide3x.dll
Size

106KB
MD5

27fbb9281afe9992d5b9df40e937a440
SHA1

35e46580d80451201a1555aeb31c75864cdb4f4f
SHA256

9b14a673c8202409d2dbd4ff7acc030083e6ce1e7498bbd20875bbb700c5bd92
SHA512

0848235bdca4c9cd1937335a431f65c3f169557eecf7557eec6f28b2ffd9fc99de1fabbc88d0ab5045dce34ab3938fc4c5ac9b53627506e3678c52a3f4b88b30
SSDEEP

3072:NgKjbTCbG7J9coNm7Q4s/8KLGLMDz4r6cSgANK2aX:bbTCbGp8pERgo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14
PID 2044 wrote to memory of 2608	2044	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3Dfx\Napalm\Glide3x.dll,#1
1⤵
PID:2608

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3Dfx\Napalm\Glide3x.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-0-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download
memory/2608-1-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download