6be7345b807e4eeae54cb7311bbf0b402c4bd1dd761ef6e6e913553b4634ded4

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 06:49

Target

usr/src/trojan-cli/libssl-1_1.dll
Size

516KB
MD5

69d1206050cd471475d5f94d150820d2
SHA1

2e15ac86bc6280bb7529115eb1446ab7960e5eab
SHA256

a08a106af89292f0cd327ceb3f97a38884b59b253efe6df0719ac8f0d6c79be0
SHA512

9c2012b77baaf5c1f7d57ce20438b438cf282fc88745822523c5f90087e69d4aaac13be80e5f27b86e0fe1f83237f334624cb1535fb6ce0e3f1bb8adc0fa7268
SSDEEP

12288:TgRatLEvbk3kFElCctLZ1dM1PCsnVcJkpOLwz2GiuFV9lvOSMmK:Qal4bSk60pOY2GiYV9lvOSMT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 1512	3320	rundll32.exe	82
PID 3320 wrote to memory of 1512	3320	rundll32.exe	82
PID 3320 wrote to memory of 1512	3320	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\usr\src\trojan-cli\libssl-1_1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\usr\src\trojan-cli\libssl-1_1.dll,#1
  2⤵
  PID:1512