2b816a4b0067dfb42956a7f0c31529a14f8b5e9670719c33e9a7fdd964fa08f5

Resubmissions

25-07-2023 12:37

25-07-2023 12:29

max time kernel
475s
max time network
539s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2023 12:37

Target

helper_web_ui.exe
Size

5.0MB
MD5

9c007b9613e66049b29fe4061ae92b64
SHA1

fdd3add899f870e21adfc37f7875c3a5d74d8ddf
SHA256

2b816a4b0067dfb42956a7f0c31529a14f8b5e9670719c33e9a7fdd964fa08f5
SHA512

52287e1071ee283ae93b25da3c22f1fe032860226f0a3cc4c172426f39d922bd93a94df9d9cc0dc6999031d6d032518e9af6be0be3e6efc943b7043b40cfde75
SSDEEP

98304:j4xqHQC5R/aH+3jT9fPxNG3WK3zLHYb7SQb1b9SGbwtA6qFOU9JfmEMOaOiOOklE:0xqwC//C+3jJPS3N334Hb1UGbwy6qF2L

Score

5^/10

Drops file in System32 directory 1 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{23E58BE3-05DE-48B9-8CA8-65343076ABBB}.catalogItem	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

helper_web_ui.exe

pid process

3792 helper_web_ui.exe
3792 helper_web_ui.exe

pid	process
3792	helper_web_ui.exe
3792	helper_web_ui.exe

C:\Users\Admin\AppData\Local\Temp\helper_web_ui.exe
"C:\Users\Admin\AppData\Local\Temp\helper_web_ui.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3792

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4008