aaf3435f348a57be68f3fc95650c704d97684f1b664dac9194aa7738203f8ea9

Analysis

max time kernel
28s
max time network
33s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 20:29

Target

SecuriteInfo.com.Variant.Zusy.475489.11967.27995.dll
Size

255KB
MD5

08f9795cfd17fcf4d68b2b850c72d1d3
SHA1

f6848b00a29f97c75f1ddce81c16fe93e27e87ad
SHA256

aaf3435f348a57be68f3fc95650c704d97684f1b664dac9194aa7738203f8ea9
SHA512

7f23484213bc21d4b9629f0ce5e504315f74906e5b708c751d21ea712926f6ac77331bdd883b7861a731dff7cac9f8a0d27852caaec19b032d64b53ed8f61cbe
SSDEEP

6144:1cMqpeIGoxQzaUEk6NtsnQhbqYUdmbJIUYgcJ7ulblQwrviw:1WpeKxQzaUEkitsQhmYUdmLY3ulbRiw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28
PID 2076 wrote to memory of 1500	2076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.475489.11967.27995.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.475489.11967.27995.dll,#1
  2⤵
  PID:1500