359e387871378831eb1293f41b54436abc6357733d1a573f0caff90ab1cbf07d | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/01/2025, 21:13

Sharing

Report Analysis Logs

General

Target

CoreFoundation.dll
Size

3.6MB
MD5

b4677a50c291d7c5a7f9f1b80f39a37f
SHA1

76d183107f9a8f89f09e25149e6e3de777b25d5a
SHA256

c2d43d768cebcf63e8d0c3ae8ffd2cd5070e4ac656a132b63d5e7372cef69c62
SHA512

bb2a3bb016cca60bd5f8a33773752e8f88bae764a6497eaaccf563da8607805b5723b30135c001f2fbc20c628e75c099410d9fd09b375c3d2901b6e7f70ba356
SSDEEP

49152:Psh68THDmkeHoBN8SEsdV+5J+2D8/Etg8:2kbD3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1572	2248	rundll32.exe	30
PID 2248 wrote to memory of 1572	2248	rundll32.exe	30
PID 2248 wrote to memory of 1572	2248	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CoreFoundation.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2248 -s 216
  2⤵
  PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-0-0x0000000074500000-0x00000000748A8000-memory.dmp

Filesize
3.7MB

Download