9e323da77921aa6160eefc13bb01e3583012f5ab756f8cd1dcee160faf17f390

Analysis

max time kernel
2s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 09:41

Target

SecuriteInfo.com.Variant.Zusy.475489.5932.dll
Size

255KB
MD5

6fce4ce8f881b172983540163434c133
SHA1

c7679cea88d9198d4da37f00425d1cab32b68f4a
SHA256

9e323da77921aa6160eefc13bb01e3583012f5ab756f8cd1dcee160faf17f390
SHA512

66e1a42088188f18f450a7decc5f62f701f835a28f9b3c062223d03d35be7c68b6ecfa09f5c9b247480f371fa989f36cf876df8606bd8da0d73e2a106904d022
SSDEEP

6144:nkEmDpM6FAWMVF7WZOWfU+BPBdmJJgZY6/RRuFLtbo7XJE:nXmDC6FAWMVFyZOWUAPBdmkY+uFLZore

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 4140	3852	rundll32.exe	79
PID 3852 wrote to memory of 4140	3852	rundll32.exe	79
PID 3852 wrote to memory of 4140	3852	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.475489.5932.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.475489.5932.dll,#1
  2⤵
  PID:4140