a61f88ce7a97b6c24fd4ea28bf7a8e752d33d19499323541c4d435a856d77921 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 07:41

Sharing

Report Analysis Logs

General

Target

ZTE_U880_V3升级工具/FatTracer.dll
Size

68KB
MD5

bf3605122d761cac41c5cfb80f08ddb7
SHA1

517653cacc84de79a922b6a82f8dbedf88eb1f0a
SHA256

2f683c7bfc3d24056c3546d4849719f123d123f90032202901f4830dcf063bcd
SHA512

352573f14700774f7002b64012e38718639299024c459189eed1eb638de93089eb5f3d240089361bd2580741ce41cf0bcf8c4579c3d88e50889fef7a9dee8d44
SSDEEP

1536:tMKOHOMNnDBx3jRXH/A8Lw5Azd4N4j2P13LMGs8k:GBDBljRXHs5c4N4qt34GPk

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28
PID 2940 wrote to memory of 1936	2940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ZTE_U880_V3升级工具\FatTracer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ZTE_U880_V3升级工具\FatTracer.dll,#1
  2⤵
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads