3ecf43ca49c573c3919f98d8a08554fe257a0159b425d5a4afa6958c1425fd0c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:26

Target

SecuriteInfo.com.Trojan.Mods.1.22249.27747.dll
Size

8KB
MD5

988ef9381430f52d5935522e00776a6d
SHA1

640b6a4764be69f361964d1866ff4f93bce3cd11
SHA256

3ecf43ca49c573c3919f98d8a08554fe257a0159b425d5a4afa6958c1425fd0c
SHA512

daa6940760bc6b24fc8100c7b3e7970bc9c9cde5cd83f318b1020cdb724f8a731a14bd584bf2b65d19d17e4ced76a73407b09bb4ac8a9c016336a090d46b1317
SSDEEP

192:bLHBKpbUD5jKXvR8IoN6NttjL2XbRLe+Ob03z+LRq5Oj:bsbUFKXyI5PtP2XbR2b+u

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 2996	2932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Mods.1.22249.27747.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Mods.1.22249.27747.dll,#1
  2⤵
  PID:2996