b8281363707d0cc7e37e1b2b95a243b12d941b1ca53130c83642e895d81e3947 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 01:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/ufxsetup.dll
Size

6KB
MD5

929f169f2ad2e2831b25e6a600eea174
SHA1

8cb4f06e93f1391da64b8585c41618838563bb10
SHA256

d6ee6c2f94164a30b9a43d39c664489c59ab882b18e0fc0387b6f99b442d2fcd
SHA512

7c549c511f36a251265e1a8f22bceb5d68dcf7f09202aa7c504e0151826929c91caea76e094f3adda2d92105a153d06d82ca13dfc3bdcfaa5f8f598c0951ee9a
SSDEEP

96:/a9F7PN9zkFi3+cwsHe1RbijbXmgv9jc6pZALU2gH:C9ZN9QYErbmbz9c6pZ6U2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28
PID 2080 wrote to memory of 1724	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ufxsetup.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ufxsetup.dll,#1
  2⤵
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads