fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b | Triage

Analysis

max time kernel
360s
max time network
362s
platform
windows7_x64
resource
win7-20231129-es
resource tags

arch:x64arch:x86image:win7-20231129-eslocale:es-esos:windows7-x64systemwindows
submitted
22-04-2024 19:58

Sharing

Report Analysis Logs

General

Target

$TEMP/PCSX2 1.6.0/Plugins/FWnull.dll
Size

20KB
MD5

839118a8eda3738109b5d0a20feba5e9
SHA1

19c0c44145c0640f5fc43e55b57ab9f90b870b58
SHA256

744d613b00853576a34ec2502f3dbe4bb0ed80fb886bb690eea2196fa807d92c
SHA512

625e1f5c3da8b1872a842ba130cb8db1afbec6c969aec995012b0ce2b7eccf467a0594c5d1706236efeccecb051b64943ae99ace2cb88239015ca6329a3f32b7
SSDEEP

384:BbpRuVD+ZfzhKbPHj505QHFYxFfmGgMzNMRa/7:BvFZflOFtlIFfmjMzmE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe
PID 2188 wrote to memory of 2320	2188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Plugins\FWnull.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Plugins\FWnull.dll",#1
  2⤵
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads