61e8097de8efef06b7510abffb5e8be94f70c8c8e00c5ac8c3dc00e8be45f740

Analysis

max time kernel
0s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2023 11:48

Target

SecuriteInfo.com.Win32.TrojanX-gen.11021.29362.dll
Size

277KB
MD5

fe8d97766d43cb2325e30421ccd9583e
SHA1

53ff473d6b9dbc624e8fdb4575e680658cff41cc
SHA256

61e8097de8efef06b7510abffb5e8be94f70c8c8e00c5ac8c3dc00e8be45f740
SHA512

294cccc6ec23970607ad60112c27abe3cb58d855efada0f6e015380536106e0fa210bd0117afa73beeb14a763e4bdf986734c7170d0473e36699226d07578694
SSDEEP

6144:EVYSZj97f6GjeZpoZ01LFRAE1HuyaRPqf/:uZhz6GjeZpl7uyaRqf/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 4416	4064	rundll32.exe	79
PID 4064 wrote to memory of 4416	4064	rundll32.exe	79
PID 4064 wrote to memory of 4416	4064	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.11021.29362.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.11021.29362.dll,#1
  2⤵
  PID:4416