3ed46144735c63a90aa11123cbcfd11c778564c6f0e38c1100f15dd227a5d05c | Triage

Analysis

max time kernel
143s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-02-2024 13:52

Sharing

Report Analysis Logs

General

Target

SFVIP-Player-x64/lib/mpv-1.dll
Size

65.7MB
MD5

49c53ee04c87347202573b29f8b3bb9c
SHA1

dcbf5152c7f6b49b7f8a60ce888f13bec854414b
SHA256

28a9b7295cdeb1a35257c849c5a96649bda8c5c9c135103e9d388b0d849316d1
SHA512

863ddae0974c78a98f7b1056792a390c17e236b93f7941b1cf05612ceba7bc7cec985e04f94f362d2eb08f311b170f04de937b62d60dc3b9076c784e544b9920
SSDEEP

786432:4kiIUX0OWvHVLUFpyvAxRDOhg9X9xUx/iwe+xwuo+d:JYWRUFaAxRWx/iwe+xw

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2748	2672	rundll32.exe	28
PID 2672 wrote to memory of 2748	2672	rundll32.exe	28
PID 2672 wrote to memory of 2748	2672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SFVIP-Player-x64\lib\mpv-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2672 -s 248
  2⤵
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-0-0x0000000069BE0000-0x000000006EB10000-memory.dmp

Filesize
79.2MB

Download