5f20af1d782468507417d0785826b1f064fadba88ed1691e2def269922ace56b | Triage

Analysis

max time kernel
142s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 21:43

Sharing

Report Analysis Logs

General

Target

libfltk.dll
Size

2.6MB
MD5

e1bc70e49a20034b7b152b3fbac4d901
SHA1

fd8d5f3b122f7633d5988fe506a18a37483e9c47
SHA256

33515e361558bbcb098c34a9c1887f53b1c32e393c73aacfee576caab2c0f786
SHA512

13522f1470606982fd3a04efcce107b2cb8780c867c2dd7f108955bff3b8891650831fcd24887b7537dfd06fe1349061524b4b9477d886e3fdf74c10ce483807
SSDEEP

49152:lMkiuxzNB3WuNEHvIG4hg7CMJ/lVBppitwWo7Vb5EgtggL3xMe25CB07ktEE3k4v:vNEsQppRJhukkaXMjE1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2424	948	rundll32.exe	29
PID 948 wrote to memory of 2424	948	rundll32.exe	29
PID 948 wrote to memory of 2424	948	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libfltk.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 948 -s 176
  2⤵
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-0-0x000000006EE00000-0x000000006EFF1000-memory.dmp

Filesize
1.9MB

Download