1e22d8aa9ef11a057d19adcdf232485c9d063050860aef7866d92a5d82e72da5

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 21:25

Target

SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.13628.dll
Size

56KB
MD5

427d0b56575a5832f77fde5686b4319a
SHA1

ad8823800e3d00bb56bd004245ac7e4a74bcd186
SHA256

1e22d8aa9ef11a057d19adcdf232485c9d063050860aef7866d92a5d82e72da5
SHA512

4ae0ef64f7912f3217c96c7dbae01b1b2e390c7a32cbfc59de59fa838c7d3ee72d8eefc75d8f01833d04408e3e0e83f6af9633a396dc01de49be5b15664c09d9
SSDEEP

384:U11hLwl82gBTHBFFbCntgmDyK5+rgAWyL+936Z77H01Hne9hVlubo:URThFFbLmDTU/43a7TCHGhVl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	1648	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 1648	4868	rundll32.exe	82
PID 4868 wrote to memory of 1648	4868	rundll32.exe	82
PID 4868 wrote to memory of 1648	4868	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.13628.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.13628.dll,#1
  2⤵
  PID:1648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 548
    3⤵
    - Program crash
    PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1648 -ip 1648
1⤵
PID:220