6be7345b807e4eeae54cb7311bbf0b402c4bd1dd761ef6e6e913553b4634ded4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 06:49

Target

usr/src/trojan-cli/vcruntime140.dll
Size

83KB
MD5

0c583614eb8ffb4c8c2d9e9880220f1d
SHA1

0b7fca03a971a0d3b0776698b51f62bca5043e4d
SHA256

6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9
SHA512

79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64
SSDEEP

1536:ikqwmvKrSgB91BDJ25Tg/G0G5r4Gt7qNBPS9DH6ecboHjPxu+dBsi6:i3CuavtckJSVqNBPSUecboHjPx/O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2352	1712	rundll32.exe	28
PID 1712 wrote to memory of 2352	1712	rundll32.exe	28
PID 1712 wrote to memory of 2352	1712	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\usr\src\trojan-cli\vcruntime140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1712 -s 80
  2⤵
  PID:2352