7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b

Analysis

max time kernel
138s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:27

Target

SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll
Size

672KB
MD5

09b82fca458f37a75295eb787f2a0e11
SHA1

0b8f81302b93c402f9ac71c0787f1a08af69f903
SHA256

7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b
SHA512

ed84aaaac78ad878d9a3e83d958212c100f9c0fe87c703a405d42f707b793b9727563ebd939334c7e1607ee020458cfca4e4c5b071948f74a5e4ae3486a579e3
SSDEEP

6144:t9gGhOIDALjiOOkG/8iEXdSXp/uLjLSI70i55KQy:t9gpIk7OkG/bEpTx7Vb

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3044 116 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3044	116	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4264 wrote to memory of 116	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 116	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 116	4264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.4925.12680.dll,#1
2⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 560
3⤵
- Program crash
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 116 -ip 116
1⤵
PID:440