75ce91d4f361227c1275a326653533c5eaa494b87dd96c529b03d0a3a6ff9ae2

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 01:23

Target

ORIONX-FUD-CRYPTER-main/main/sys/libcrypto-1_1.dll
Size

3.3MB
MD5

9d7a0c99256c50afd5b0560ba2548930
SHA1

76bd9f13597a46f5283aa35c30b53c21976d0824
SHA256

9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939
SHA512

cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2
SSDEEP

98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2084	2220	rundll32.exe	28
PID 2220 wrote to memory of 2084	2220	rundll32.exe	28
PID 2220 wrote to memory of 2084	2220	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ORIONX-FUD-CRYPTER-main\main\sys\libcrypto-1_1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 108
  2⤵
  PID:2084