Analysis
max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
submitted
22-05-2024 01:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll
Resource
win7-20240419-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll
Size
672KB
MD5
09b82fca458f37a75295eb787f2a0e11
SHA1
0b8f81302b93c402f9ac71c0787f1a08af69f903
SHA256
7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b
SHA512
ed84aaaac78ad878d9a3e83d958212c100f9c0fe87c703a405d42f707b793b9727563ebd939334c7e1607ee020458cfca4e4c5b071948f74a5e4ae3486a579e3
SSDEEP
6144:t9gGhOIDALjiOOkG/8iEXdSXp/uLjLSI70i55KQy:t9gpIk7OkG/bEpTx7Vb
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
| PID 2028 wrote to memory of 2040 | 2028 | rundll32.exe | rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#12⤵