06b21fd981d0eeae504e4a9a4d6e04f63b44d10bafeed3fd489eb784fd213ef3 | Triage

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 18:34

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/fyaxa.dll
Size

125KB
MD5

aeff1dd61fe5a57eb6a43cebd40fe5cb
SHA1

08eb412a5a8e2d3cbae7bfb3981ae94b25fa746b
SHA256

56f31e80e3445c014a3e079e675a6e505da3f8a4460abdc98afdc4c8a33b1267
SHA512

2216e4e6aee5c6323d2151d4e25e82b676b191f11b290cfde3d89981598e6c89ae491dddc153129a17aeac278b143cabbf5d0cc6d7bee7e8f312916965053af3
SSDEEP

3072:b5AHaDHVM+UgAP74ucqr2spP0wkDx9Ow+:tGCVM/cut2sxMDx0w+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 4712	996	rundll32.exe	82
PID 996 wrote to memory of 4712	996	rundll32.exe	82
PID 996 wrote to memory of 4712	996	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fyaxa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fyaxa.dll,#1
  2⤵
  PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads