73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf | Triage

Analysis

max time kernel
129s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21/04/2024, 00:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Fifty.v2.dll
Size

385KB
MD5

1ce7d5a1566c8c449d0f6772a8c27900
SHA1

60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256

73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512

7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753
SSDEEP

6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 3920	5028	rundll32.exe	72
PID 5028 wrote to memory of 3920	5028	rundll32.exe	72
PID 5028 wrote to memory of 3920	5028	rundll32.exe	72

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fifty.v2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fifty.v2.dll,#1
  2⤵
  PID:3920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads