771d39099e357ea35408336ec1d082d31fd4d70c0889cfd549c1dd520c92ed3c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/08/2023, 12:41

Target

SecuriteInfo.com.W32.VBKrypt.BIU.gen.Eldorado.13535.dll
Size

161KB
MD5

b5de9124d3887b830cc696127cd7cd6b
SHA1

5a917bafb0b237b99d621ee8912af0afc59131c2
SHA256

771d39099e357ea35408336ec1d082d31fd4d70c0889cfd549c1dd520c92ed3c
SHA512

84e4d9a2344ddc0b4085e998046894ea621e0f0c11a8692496db449c56a12cd19ca4eeda7115045253e634b63f4100baeae9d208cd444dee9ee0e6ce3d345c67
SSDEEP

3072:eNFwdmspaPg9g9oOavAQBNrPkVdc88GjU+vF6nuxRocX5GOOUleo+c:e8d1/w5KA81IJ8GpF6nuTmOOU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29
PID 2440 wrote to memory of 1728	2440	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.VBKrypt.BIU.gen.Eldorado.13535.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.VBKrypt.BIU.gen.Eldorado.13535.dll,#1
  2⤵
  PID:1728