c789f3686074617e1c909dfa6f93f472e494833c254a2eadb5ba948096412ce7 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 14:11

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/setuphelper.dll
Size

425KB
MD5

31cbf1d1fe67d0f2fb06a76c537d9895
SHA1

4ca1882d38ec6ee6008b696366b4c9bb244e28e0
SHA256

7e5ee55ee9c2e482a8d8dadb00665ca2f93db74e95fe40c294f8518247a5f5f5
SHA512

95d8490c41a743f357f84b8b2236f4d6049fa7445e76ddd48f3efdc0fbddb6cc8f4f9dfa288880910eee18529afb85aec190dff728db8c76654c7f6568c06c9a
SSDEEP

12288:SuUj3aX/aS8pFrHBY9+QkO7+ftzFarhE1Rul:Sug3c8p9+YQk2+f/4l

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28
PID 1972 wrote to memory of 2344	1972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\setuphelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\setuphelper.dll,#1
  2⤵
  PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads