04ec958a0deaa98fe9925e4644c5475b8a4608ad80b7dfc534f84dad446f814f | Triage

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 21:40

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/installhelper.dll
Size

127KB
MD5

f8463172ea34e0170f31b5813ec49b4c
SHA1

62675090d4fc5b137c8d173b9c71541f0aa906e0
SHA256

65cbfe1fcd6fb0e140dd0e46e1f9a55b789d5ae5a11a14702bfbfc9bc79ea074
SHA512

ae9a7492dfdcae76c6d0ea3bdf08f4868537e118c1c9b0f3715219866bbcb4d85e61bc31440278c954083cf529b8a1bcf4f8ec821f52ec388ebe28749cf62f4e
SSDEEP

3072:UENqXRtTAI52+0RDYxgw6qoDh/V75vm6TCM:loIIM+0ogw65FVxVCM

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1172	rundll32.exe
1172	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 1172	4752	rundll32.exe	84
PID 4752 wrote to memory of 1172	4752	rundll32.exe	84
PID 4752 wrote to memory of 1172	4752	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-0-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download