55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4 | Triage

Analysis

max time kernel
315s
max time network
389s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-05-2024 09:46

Sharing

Report Analysis Logs

General

Target

$SYSDIR/CFCA_HSBC_P11.dll
Size

184KB
MD5

7cda3a6e91e46cf2b04e60a72590b452
SHA1

ee82fb11e5c1b2c6df2e03452e699188175c0af1
SHA256

61c93b350f48896aca966524a7196db119fd188a107796221a4f54f723df7a22
SHA512

828b321b86dd42e5e96279c0418ed78b59f7405e26600fb0b1ef4cad2cbce1efea185e004de724e6f21b24ee98c0e79e0978987f9c048e28dd29fab3678a0030
SSDEEP

3072:6n2X+D4hYEyWf+e+kd8jPW/imWrb0fVJVRDHJUvUldz:3YEyvyAPW/ArCVRdfz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 204 wrote to memory of 316	204	rundll32.exe	74
PID 204 wrote to memory of 316	204	rundll32.exe	74
PID 204 wrote to memory of 316	204	rundll32.exe	74

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\CFCA_HSBC_P11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\CFCA_HSBC_P11.dll,#1
  2⤵
  PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads