2455555f8a5b6f30b3557cc427a78c24f008075ac3826b165b8d2554ecb53e08 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 18:27

Sharing

Report Analysis Logs

General

Target

FortiCracke/FortiCracke/libeay32.dll
Size

1.1MB
MD5

1fc19d6114e67319078f9bff46431161
SHA1

f630aa829e919ebfd6a5bd0f910c20905da38bfa
SHA256

cee20a0774bde8465e0b1e666fd077ed17d52600608809b44031e1992b5ce6db
SHA512

8d128fe4e9f4924e862f301cd5f47ae6cf97b3aef9a5b19328984eeb55589a43425bbbcb725bcc48bdf2477c5633b014a86621183aaa408e31822dabf4016476
SSDEEP

24576:mgQ2bIE0xHNFiwyZ0rdq/f3EcEGNpNOBlmQ:X0XiwG4o/8HGNpNslm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2084	2320	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FortiCracke\FortiCracke\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FortiCracke\FortiCracke\libeay32.dll,#1
2⤵
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads