c706d68e0aa6afae2fbb7982ab47ea695a6d76aa168c0364afc191182abe806a

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 04:28

Target

SecuriteInfo.com.Win32.TrojanX-gen.31283.3083.dll
Size

88KB
MD5

199eb22e6bdabca31c5fabc105332a7f
SHA1

58d8d8d25a155ad53cdb6c842dc67aad66c2fa40
SHA256

c706d68e0aa6afae2fbb7982ab47ea695a6d76aa168c0364afc191182abe806a
SHA512

b145dfac6eb4bf703bf4f446a554a3508542526c1e04e75332d7eff502d7f6825c76be468c23abebf3a0b7df07091a4bf67a3fedd97a73919ca450d50f262194
SSDEEP

1536:SOG3J7Me+XlupP2ppGj8JiGVfWNhaQ34eWunuAcruCjRL1k:KhM5TJifN0Q35ZuH3RL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29
PID 1144 wrote to memory of 1808	1144	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.31283.3083.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.31283.3083.dll,#1
  2⤵
  PID:1808