2238e3327b261ba6d7fcf473b15edec80573fe8d0c40dcb84e944b4e2d5c2963

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 03:39

Target

SecuriteInfo.com.Win32.PWSX-gen.32031.23230.dll
Size

51KB
MD5

cea0993c190d91e53d07044499b341c9
SHA1

f48287a2441e2167879c2c53f3f2f5dede687e6f
SHA256

2238e3327b261ba6d7fcf473b15edec80573fe8d0c40dcb84e944b4e2d5c2963
SHA512

92d578ea699a31e506f0558276cd542794c628cd02fc71c1d548116b580dd88ef5147b6b4deb8518df30d658038fededd943a0d5cce90e70afbb76addeadc5dd
SSDEEP

768:PMeGbaAj/YhKMsN0bYfjEruWV2NKMKstyxdj2TtB7+HZxq9eh:PVG8zA9VKD72TtB6HDq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28
PID 2636 wrote to memory of 2628	2636	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.32031.23230.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.32031.23230.dll,#1
  2⤵
  PID:2628