6648d2cb0d90fd5a0be848bf4d189971d9b82f5ca64d6e97377bb8a9b744cf51 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 10:02

Sharing

Report Analysis Logs

General

Target

fmod.dll
Size

1.6MB
MD5

691c4cbba1b7a3663cf086546f32dbb9
SHA1

67d98b6068a7a01545da856901c200aa144d9804
SHA256

cad8c684b8f45573ffda50bfdb92208cade53d2a7ec9eb2bb2b7d2d575f9aaba
SHA512

24a178c2b9ea634cb1d044c841fc6849e1b964dca1e20c2c0ae5b3c54347d19f56b28c0f3f24cc0ef3bee60752bad9440082a75dbc2e32d8c8a312e972bc1f04
SSDEEP

24576:R3z+d/iad6BV6iQMXl3IFt9pn2sGk2wfkGpxfv2yzNQDumZvbSlTV4h:R3zwiaXIYKsGSNxH2yZQD9yTy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2280	2300	rundll32.exe	28
PID 2300 wrote to memory of 2280	2300	rundll32.exe	28
PID 2300 wrote to memory of 2280	2300	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fmod.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2300 -s 140
  2⤵
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads