Analysis
- max time kernel: 141s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 11:40
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: FlyTcpFramework.dll
- Resource: win7-20240508-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: FlyTcpFramework.dll
- Resource: win10v2004-20240226-en
- 1 signatures
- 150 seconds
General
- Target: FlyTcpFramework.dll
- Size: 28KB
- MD5: 690d3f6d09df8e40b597e38662977b07
- SHA1: 1349ab8047834dd57af6e707df4a0f6d0ca3fe0e
- SHA256: 32786b14b17cdf83c54b9d097d8e7d6169e14dcd8065ae224da93d9e34398f49
- SHA512: fb4aa17632836a005b7a66ff49784f61a1cf838cd88918fdd4df0bf6b48db0b5ef43d87731698922a63ddf6f07da4a6126a6254332d5920d3c04505c2cd80929
- SSDEEP: 384:OI+F9dLUbpONLXpn+Vvjbv4Ml19OytyBC2fZp:grFNLXpibPTOXzfX

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                        pid   Process       procid_target
  PID 2260 wrote to memory of 2428   2260  rundll32.exe  91
  PID 2260 wrote to memory of 2428   2260  rundll32.exe  91
  PID 2260 wrote to memory of 2428   2260  rundll32.exe  91
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\FlyTcpFramework.dll,#1
  PID: 2260
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\FlyTcpFramework.dll,#1
    PID: 2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
  PID: 5824