941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc | Triage

Analysis

max time kernel
440s
max time network
448s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2024 00:08

Sharing

Report Analysis Logs

General

Target

Fire.dll
Size

172KB
MD5

eb99d79176c4f09a9df09a51f2fd68dd
SHA1

a805143cc6c98834e3890c417b1b80ac3c74a918
SHA256

d997be791f6b4769395e921045fa411eb238bf2f970b9d2df4c6936f4a7a0502
SHA512

97c4d0bbe50221757e36c9e8fae92b801d905caf8ee1e60e76c5eaecd4ad13742652756109b5a5d1d358473784380c98f9fd3eea37319d434b50e046a66ed259
SSDEEP

3072:0FDfGaG9vj+Ll/SzdDhccJyB9+Qy9OIN:0Bkj+LwacsKg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1008 wrote to memory of 5020	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 5020	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 5020	1008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fire.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fire.dll,#1
  2⤵
  PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads