2455555f8a5b6f30b3557cc427a78c24f008075ac3826b165b8d2554ecb53e08

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 18:27

Target

FortiCracke/FortiCracke/ssleay32.dll
Size

277KB
MD5

14d83b686edc94814eff6d96b00e14a8
SHA1

6e8269489d2a48f7c7fc484c8e14e564599c27f4
SHA256

8baef665568db18511911759277b704bbbe111a2aeb7902b650fac30995a5d45
SHA512

c3561c3927cc6237e765894bfcf504ea6edccf2e98c9623b3ee7233b658d1a142da82ab8aa3ecbe9692a718734a9d4d64a040dde9a52009a79e059470a45d6d7
SSDEEP

6144:vaBHS3Xs1JIxsALAibjNTYPLKd/W7IEkZayhfXRgf8DmAo4ciENRSQ5Jkcnd4:vaM3sJIxsALAibjNTuLKd/cIEkZhikD3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 2316	2912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FortiCracke\FortiCracke\ssleay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FortiCracke\FortiCracke\ssleay32.dll,#1
2⤵
PID:2316