f441cdf0efa8cb1ec3a7618c5cf6db6afd74f26dade115b5ac7097e16ad298bc | Triage

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 09:56

Sharing

Report Analysis Logs

General

Target

JMTJFX简明统计分析/vfpodbc.dll
Size

912KB
MD5

fc0660a47ba63d8feeebcfd59069e6d6
SHA1

ab8f0eae7405c70c4f506c28d2aea604620f1734
SHA256

65e4ff53203c8c890c245ce08abee67e898a17651df3b06b162ed2e019370ada
SHA512

c49b85b03f308ca5587231711e0a1f78df8c52345a24c1822f885dbdaf6b2fc19cb3a2599045ffcb4c64e0bf18f2a4d336e7023e3c229a45c285b083ba14ce29
SSDEEP

24576:Tq7GIvAoRzmI1TY+XBg4xJeRCDIPTQ6wPP7OtVpp:RIvAo/+s+oDAQ6+K/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 1500	3488	rundll32.exe	80
PID 3488 wrote to memory of 1500	3488	rundll32.exe	80
PID 3488 wrote to memory of 1500	3488	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JMTJFX简明统计分析\vfpodbc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JMTJFX简明统计分析\vfpodbc.dll,#1
  2⤵
  PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads