4db59a0e1bfdc3d12b222f6e2de79dc7ec9670796dcfeffa77aff3d2c0cbbb5f

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 11:05

Target

GH Injector/GH Injector - x86.dll
Size

412KB
MD5

d4be3b61f2f434f2711cf8c7d16ce573
SHA1

5725621d526d1d2410733b3787d9ff478d6d762a
SHA256

a872bca69d76df5df4a3892443f1ea714b5bb6da2c4503c208003112bbe2eae5
SHA512

e0faee22833c77861a20d7800ff26e9c1c43bd5273e043304c62b40476eac9f0c00964147a626d9f2ed5ef0f78958d58e77856813b4fd8fb224cee3bbcd65a12
SSDEEP

6144:5cnimUQVUY18MTzkZli0u3942lqoRAph0lhSMXlBXBWHOssOdrR0pEW:WUY18MTzsliL3940kph0lhSMXlCOrz

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	3368	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4792	3368	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 3368	532	rundll32.exe	87
PID 532 wrote to memory of 3368	532	rundll32.exe	87
PID 532 wrote to memory of 3368	532	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector - x86.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector - x86.dll",#1
  2⤵
  - Blocklisted process makes network request
  PID:3368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 744
    3⤵
    - Program crash
    PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3368 -ip 3368
1⤵
PID:544