Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19-07-2024 09:13
General
-
Target
$PLUGINSDIR/feczzkflxf.dll
-
Size
30KB
-
MD5
895a48f7b6d967eb813de8f96b0aca55
-
SHA1
821be080225a3415d6db2e6b269e841b0605ad93
-
SHA256
f00a637108b667cb6fc1c265c6e0fdcf650156d3100a6de084d430971ed03393
-
SHA512
5acd3940d4f55124c32a49325bdc8d59f2805882ea2c43b9b92db95861fb19ed3971a98f82cf3fffae42c2d243dbe2aaac05f50760adac4afd6a4065374dca60
-
SSDEEP
768:nYYsBQJDh7wN4Ce10NUW5gPO8P9MOVnF06ZTt07IKt:nIBQJDPGgPO8P9vnF06P07J
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\feczzkflxf.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\feczzkflxf.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\feczzkflxf.dll,#13⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 7123⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3308 -ip 33081⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
-
Filesize
44KB