16ed373a67ed1473782609e239f38dfa0091e26b7e0ab8955f48e297292045ba

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 23:25

Target

SecuriteInfo.com.BackDoor.Infector.133.5393.dll
Size

3.3MB
MD5

8c071ef15f7a8cc32ec523046cfbb9ab
SHA1

89b3691a5eed06c359ff50b82f29dcdb0477098f
SHA256

16ed373a67ed1473782609e239f38dfa0091e26b7e0ab8955f48e297292045ba
SHA512

0afc7964790990ae6fbfd9edc8a588e95c509f8b24bc87bea0c4885621e84b947c9283386c385af5296fbb6d46babeadd5d70ad32208d65bec9721009fab3d7f
SSDEEP

24576:Wv7+lYPuTWvuQ2hulNdEabYHQLNWiqHyt6Gy1/6+b:vQQnneuwRegypJb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2264	3828	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3828	5052	rundll32.exe	89
PID 5052 wrote to memory of 3828	5052	rundll32.exe	89
PID 5052 wrote to memory of 3828	5052	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Infector.133.5393.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Infector.133.5393.dll,#1
  2⤵
  PID:3828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 688
    3⤵
    - Program crash
    PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3828 -ip 3828
1⤵
PID:636

memory/3828-0-0x00000000024E0000-0x00000000027F1000-memory.dmp

Filesize
3.1MB

Download
memory/3828-1-0x00000000024E0000-0x00000000027F1000-memory.dmp

Filesize
3.1MB

Download