d3d6f7f9f2b20a5b8e2517ea79f5a3bb48b7e13f7ec6533071dabdb8e0632569 | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 12:30

Sharing

Report Analysis Logs

General

Target

Furion hack.dll
Size

1.7MB
MD5

0ec9b5a56a4fa761901f25f2834d32e3
SHA1

b153b60bd80184299e20a449be1e74a2cfb02ec7
SHA256

af88b4a7ee9402cde864143472a6570760b5607c7003def31fd060414ed1bbf7
SHA512

91cf6b11d51167ec66e62097d379bebbcc8a094b6c4e38fa3bc91d9d64a7a1baf34fc5bfefee2c4077f4ff434c700b7a28f3b0ca3e4aed32d38a819bfdcee100
SSDEEP

24576:7EZoIhJSfkuGHOClz77HRLzz3R+9n+0AAXQjJOj31m/oTjUv:7YTuSzHxl+F+0bBj3MPv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1200 wrote to memory of 1340	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1340	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1340	1200	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Furion hack.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Furion hack.dll",#1
  2⤵
  PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads