Analysis

  • max time kernel
    1161s
  • max time network
    1167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2023, 16:32

General

  • Target

    zhelp.exe

  • Size

    1.4MB

  • MD5

    24b2ffa704066bc9f5221b3b885fb165

  • SHA1

    3358f9ddff12cf94c5ce77f4973f95b0e2a273a9

  • SHA256

    cfffcdf679e24728a8473a979530f7e193784ced4571830f704f70c407fc0452

  • SHA512

    2e11e531bbafcc93c617c2800c96f81a7257d6f4215a7e53ffe7ab3cbf9caf2af6a144f78a3b1d35512f391b589b9b9c00fb6dd5b90333bf6f2541cbc35280d9

  • SSDEEP

    24576:Yq9/7n6lbcC8obXs1zj1SqdAGFQZIxsu45UJoeVO:t6+C8or8zjYq+ZIGP5UJoek

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\zhelp.exe
    "C:\Users\Admin\AppData\Local\Temp\zhelp.exe"
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious behavior: EnumeratesProcesses
    PID:1588

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1588-134-0x0000000075280000-0x0000000075511000-memory.dmp
    Filesize
    2.6MB