7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:27

Target

SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll
Size

672KB
MD5

09b82fca458f37a75295eb787f2a0e11
SHA1

0b8f81302b93c402f9ac71c0787f1a08af69f903
SHA256

7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b
SHA512

ed84aaaac78ad878d9a3e83d958212c100f9c0fe87c703a405d42f707b793b9727563ebd939334c7e1607ee020458cfca4e4c5b071948f74a5e4ae3486a579e3
SSDEEP

6144:t9gGhOIDALjiOOkG/8iEXdSXp/uLjLSI70i55KQy:t9gpIk7OkG/bEpTx7Vb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 2040	2028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#1
2⤵
PID:2040