Analysis

  • max time kernel
    126s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/04/2024, 23:58

General

  • Target

    $COMMONFILES/PPLiveNetwork/kernel/PPHookShell.dll

  • Size

    241KB

  • MD5

    f9b346bcfec4605755d4435e8eac34a1

  • SHA1

    f694ece30381ca9dc37e18030454a56a737ce4a4

  • SHA256

    e0596457bec914a3281ad614a23c1c3c11bd9c95ddabf090d68d3bca4854c92a

  • SHA512

    60a17bd0b971690818b26e45ee8ca335e3b1820ac73d229f54b55b2e23acb051a45c00275a5ea1b35ac1caf2d1626fed34f0296fc8d7a41b0139b0aa0e226e7b

  • SSDEEP

    3072:LZFvombK4A6NvgJvcYwUuSaEwTG4SJK7hqmYLzhJR7CIgNldwr73GPAG3StoIZTx:rKI5UcdUuSaEwa4S0qmATpHgNTljIBF

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#1
      2⤵
        PID:1568
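
The process tree above shows the pattern worth checking by hand in any rundll32 report: a 64-bit rundll32.exe (system32) invoked on a DLL with an ordinal entry point (",#1", so the export name is not visible in the command line), followed by a 32-bit rundll32.exe (SysWOW64) with the identical command line. That relaunch is what rundll32 does when handed a DLL of the other architecture, and the WriteProcessMemory hits come from the parent creating that child, which is consistent with the low score rather than with injection into a third process. The script below is an added example, not part of the sandbox report or of the PPLiveNetwork software: it parses rundll32 command lines from a constructed set of process events and flags the three observations a triager would note (ordinal export, DLL under a user-writable path, 64-bit to 32-bit rundll32 relaunch). The report only shows nesting depth, so the parent PID 2884 for PID 1568 is an assumption, and PID 3000 is a constructed benign baseline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    """One process-creation record, as a sandbox or EDR would log it."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the process tree in this report. The parent PID of 1568
# (2884) is an assumption: the report shows nesting depth, not PPIDs.
# PID 3000 is a constructed benign baseline and does not appear in the report.
EVENTS = [
    ProcEvent(2884, None, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#1"),
    ProcEvent(1568, 2884, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#1"),
    ProcEvent(3000, 600, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"),
]

# rundll32 [path\]<dll>,<entry>  where <entry> is an export name or "#<ordinal>".
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Locations an unprivileged user can write to; a DLL loaded from here by a
# signed system binary deserves a closer look than one from system32.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\Users\\Public\\", re.IGNORECASE
)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return m.group("dll"), m.group("entry")


def triage(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map PID -> list of flags for every rundll32 process in the tree."""
    by_pid = {e.pid: e for e in events}
    findings: Dict[int, List[str]] = {}
    for e in events:
        if not e.image.lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll32(e.cmdline)
        if parsed is None:
            continue
        dll, entry = parsed
        flags: List[str] = []
        # Ordinal entry points hide the export name from command-line logging.
        if entry.startswith("#"):
            flags.append("ordinal-export")
        if USER_WRITABLE_RE.search(dll):
            flags.append("user-writable-path")
        # 64-bit rundll32 relaunching the same DLL through the SysWOW64 copy:
        # expected for a 32-bit DLL, and explains WriteProcessMemory from the parent.
        parent = by_pid.get(e.ppid) if e.ppid is not None else None
        if (
            "\\syswow64\\" in e.image.lower()
            and parent is not None
            and parent.image.lower().endswith("\\rundll32.exe")
            and "\\system32\\" in parent.image.lower()
            and parse_rundll32(parent.cmdline) == parsed
        ):
            flags.append("wow64-relaunch")
        if flags:
            findings[e.pid] = flags
    return findings


if __name__ == "__main__":
    for pid, flags in triage(EVENTS).items():
        print(pid, ", ".join(flags))
```

The "wow64-relaunch" flag is deliberately informational: on its own it is normal rundll32 behaviour, and a triager should treat the parent's WriteProcessMemory calls as expected when the child is the matching SysWOW64 rundll32 with the same DLL, reserving attention for writes into any other process.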

Network

MITRE ATT&CK Matrix
