3514e406ef8bd72d3652e493309d902ddb556e1418ff2969a2e14a5ae493158d

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 04:29

Target

SecuriteInfo.com.Win32.PWSX-gen.11486.26715.dll
Size

75KB
MD5

435485b20c6b4c8ab967cbeb837d4f82
SHA1

42f778f5dfa97876316ff1c9301d4c3e7ada6ed7
SHA256

3514e406ef8bd72d3652e493309d902ddb556e1418ff2969a2e14a5ae493158d
SHA512

d0ead311e3277ba017ba9767967b8f833fd5aece66acbfa315f341c871c025de87a6b18e4128de1ed89bbb836bd32eea28c6a1da754284e28dc676ace029b8f8
SSDEEP

1536:/CBqkCJV0hWWRGjTRjqvc7UZ/psWbrcdGM6srUfb:qCJyhWVjTRj5UlH6GTc2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2276	2352	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2676 wrote to memory of 2352	2676	rundll32.exe	28
PID 2352 wrote to memory of 2276	2352	rundll32.exe	29
PID 2352 wrote to memory of 2276	2352	rundll32.exe	29
PID 2352 wrote to memory of 2276	2352	rundll32.exe	29
PID 2352 wrote to memory of 2276	2352	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.11486.26715.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.11486.26715.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
    3⤵
    - Program crash
    PID:2276

memory/2352-54-0x0000000000170000-0x0000000000172000-memory.dmp

Filesize
8KB

Download