cb3fc239e7d29e7e2425e7fcdbfa1097d15cc3e1100a4d32cf7b20a9d2cdd5f7 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 07:58

Sharing

Report Analysis Logs

General

Target

wufuc/wufuc32.dll
Size

108KB
MD5

6bc409fc75080049505e3a34c035fc93
SHA1

26c10b2d15376777c95b11587c664a607722579c
SHA256

dd97107afdefc497a6df5914b79fc69560b6bd4b0a7fb6bbccd87df9034e73fc
SHA512

8109ac4cc06fab1149503f453c021a7bfc7da69f227b4cbccda8061fe279d27a8f464c010396d540ff46bd3f956e96773bb7ea03080e66ab1bab58366e96c09e
SSDEEP

3072:Xs/wj+Nxk3zhj8bI47u77QHASTITZ0FCTxJcsPnO4X:XseyAzhgbI47u7MHASEPX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 2412	1460	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wufuc\wufuc32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wufuc\wufuc32.dll,#1
2⤵
PID:2412

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...