4db59a0e1bfdc3d12b222f6e2de79dc7ec9670796dcfeffa77aff3d2c0cbbb5f | Triage

Analysis

max time kernel
114s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 11:05

Sharing

Report Analysis Logs

General

Target

GH Injector/GH Injector - x64.dll
Size

522KB
MD5

01440d8b015430565abfc50b3519ea67
SHA1

5971d3a83b7c8719b8448cb1cbae562a2b038132
SHA256

501e8a87b3fba8ba951106b6f421e6e9807004ad65cc78a97f279e95f67f4a62
SHA512

f6b712acb8b2ef6ba55ce1d179fd54e511b0cdecf3f7680f25c7ebfddf1a8a64174e67896426cb965005d4889fb108cf673d3358b16d959b8c702914f0a6b0b3
SSDEEP

12288:Frbp6a0F+VdaMtLrZCunAqOph0lhSMXli2/vX:FB6OTTPbEh0lhSMXlpH

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	2932	rundll32.exe
9	2932	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 4248	2932	rundll32.exe	94
PID 2932 wrote to memory of 4248	2932	rundll32.exe	94
PID 2932 wrote to memory of 4248	2932	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector - x64.dll",#1
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector SM - x86.exe
  "GH Injector SM - x86.exe" 1 2c0 2c4
  2⤵
  PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
1⤵
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads