Analysis
max time kernel: 1161s
max time network: 1167s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2023, 16:32
Static task: static1
Behavioral task: behavioral1
Sample: zhelp.exe
Resource: win10v2004-20230703-en
2 signatures
1800 seconds
General
Target: zhelp.exe
Size: 1.4MB
MD5: 24b2ffa704066bc9f5221b3b885fb165
SHA1: 3358f9ddff12cf94c5ce77f4973f95b0e2a273a9
SHA256: cfffcdf679e24728a8473a979530f7e193784ced4571830f704f70c407fc0452
SHA512: 2e11e531bbafcc93c617c2800c96f81a7257d6f4215a7e53ffe7ab3cbf9caf2af6a144f78a3b1d35512f391b589b9b9c00fb6dd5b90333bf6f2541cbc35280d9
SSDEEP: 24576:Yq9/7n6lbcC8obXs1zj1SqdAGFQZIxsu45UJoeVO:t6+C8or8zjYq+ZIGP5UJoek
Score: 10/10
Malware Config
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess, 1 IoCs
description: PID 1588 created 0; pid: 1588; Process: zhelp.exe
Suspicious behavior: EnumeratesProcesses, 2 IoCs
pid: 1588; Process: zhelp.exe
pid: 1588; Process: zhelp.exe