5effd528810a7e1c0fe7b6860470f5a1128102846145930aa16e0ae59024c945

Analysis

max time kernel
0s
max time network
3s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/02/2024, 23:23

Target

SecuriteInfo.com.Win32.MalwareX-gen.27832.20986.dll
Size

177KB
MD5

e254c25300c73b9b21886d5ebda75c3b
SHA1

83a03845e91f75dab97346fdf1b75287cfd7b0a3
SHA256

5effd528810a7e1c0fe7b6860470f5a1128102846145930aa16e0ae59024c945
SHA512

558e904fd80dc4743ea17937961892d7f08a98e6a0d8ac92ca5a14bc6c4166de89d6e6f98d1c569a3cda7aab65d7a78c323fef987423155324a0945f92d23f78
SSDEEP

3072:ITVjZ37J8GO2f2xL3cEXAepD+DwmXrKY11WXQZjlUk0MzKt2NDmjd2:Uz8Ofu4IbqeYzCQVlUk0aKcN6j4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28
PID 2672 wrote to memory of 3016	2672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.27832.20986.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.27832.20986.dll,#1
  2⤵
  PID:3016

memory/3016-0-0x0000000010000000-0x0000000010153000-memory.dmp

Filesize
1.3MB

Download
memory/3016-1-0x0000000010000000-0x0000000010153000-memory.dmp

Filesize
1.3MB

Download