Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    16/07/2024, 03:31

General

  • Target

    lib/freetype.dll

  • Size

    672KB

  • MD5

    6ae30af213a471e450c566e8377eacd2

  • SHA1

    cbae27cbd3323b93e57bc8b6844ef8d2cbb67080

  • SHA256

    cabb749f16cf301ae2d33876fe14c7df219c574e4d3628c5ce0dcf2bc83a965d

  • SHA512

    810fe3e6ba85cbb8a47f6150b432129ce94ab149ef8ecd538d4804de719e879d49fd3f7dffc8a83c0e74be661059fc95e55690531e4fbaca5b657fc64401c79e

  • SSDEEP

    12288:CX65+PTFaMhDlrgwvLPjEszpxL/NIKwd68eOP8qCa6DjbwLKQdfEWmj:CX6MRaMhprg0PwszpxD2Rk8eOP8qCBjr

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\freetype.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2148 -s 80
        PID:2224

    Network

    MITRE ATT&CK Matrix
