4f72510becfafdbb06c9caac66ba9e95225de1ea12b4d2fd5b67492a2e628abd | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 12:25

Sharing

Report Analysis Logs

General

Target

FXSAPI.dll
Size

222KB
MD5

942e57152f1cd0533644ab30ef1a4728
SHA1

707dd9d62390100c39134512ed7f8056ee2f0e18
SHA256

4f72510becfafdbb06c9caac66ba9e95225de1ea12b4d2fd5b67492a2e628abd
SHA512

165db48e4928145a4678816b55b6f781bdb6863ef28de27769ba277be4066f36c8b6d6513fa13d70f1e0c26f30e4bf8b49f0b9ca5e301bfedb691e035b1f1a16
SSDEEP

3072:GN2ohgfzUAIr8js6IMjQn6EkvVrVukJzdh4AqJSba5sGtif9yARTTd6:YyzFs6IGGnkvVMkHKfMzyApT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28
PID 1204 wrote to memory of 1312	1204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FXSAPI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FXSAPI.dll,#1
  2⤵
  PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads