4e1ac25a9ed8db9c77454cb2e70246425004464e5055f304291f8e2f309564cb | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 22:27

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/fyaxa.dll
Size

125KB
MD5

aeff1dd61fe5a57eb6a43cebd40fe5cb
SHA1

08eb412a5a8e2d3cbae7bfb3981ae94b25fa746b
SHA256

56f31e80e3445c014a3e079e675a6e505da3f8a4460abdc98afdc4c8a33b1267
SHA512

2216e4e6aee5c6323d2151d4e25e82b676b191f11b290cfde3d89981598e6c89ae491dddc153129a17aeac278b143cabbf5d0cc6d7bee7e8f312916965053af3
SSDEEP

3072:b5AHaDHVM+UgAP74ucqr2spP0wkDx9Ow+:tGCVM/cut2sxMDx0w+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28
PID 2232 wrote to memory of 1400	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fyaxa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fyaxa.dll,#1
  2⤵
  PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads