fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e | Triage

Resubmissions

31-10-2023 10:08

231031-l564aafc8y 10

01-08-2020 19:35

200801-yxa2qg44dx 10

Analysis

max time kernel
61s
max time network
75s
platform
windows7_x64
resource
win7
submitted
01-08-2020 19:35

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll
Size

395KB
MD5

5120008536c0de7bf6030f10377ec8c0
SHA1

778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
SHA256

fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
SHA512

83f151f19a5cada9420040522d21b52943793530e5e43d1e0e47f8b4cc726d4b741663d4c8b8ef03649c1b281cd9c702419cb580abc555317363e7b8d02edb15

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1260	1296	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll,#1
2⤵
PID:1260

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-0-0x0000000000000000-mapping.dmp

Download