e894184733d69b74dfee1cfbd65e3f67409f619c14021df459270e1c2ca1f46a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 13:04

Target

$PLUGINSDIR/installhelper.dll
Size

14KB
MD5

ff5a82071907bc0846a752a93116049d
SHA1

84d3f9d70b65738d14d27f0eec94358dc0eb5b87
SHA256

0936ab601a70633041034ff7fb846a6cc3c0a25874e20b69fee99f5c798c2eb6
SHA512

89863224464ac2eb623b4cec5c55525838d04cb51b9057d80d43800c50e2cfc697e5b337836dedeb4c942d9f731dbc2a5c901633b0f391893f26800180d5f3ce
SSDEEP

192:MtGZOIbntLtOHJXWSGngME0P++geM/79xd+FSU3/0gSdCKqa9Ow0VxCBDm5XBnSv:MGnJQHg60w7nGSU3MgSEXasFkBDTs1O

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28
PID 1108 wrote to memory of 2188	1108	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\installhelper.dll,#1
  2⤵
  PID:2188