b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 07:24

Target

$PLUGINSDIR/InstallHelper.dll
Size

312KB
MD5

e13a38e0bf5ec7e8a95b3d2debd170d6
SHA1

6ee4305ccd42970acad7f00bb9aafd0b4be246be
SHA256

00afe265d9bc6af1eee8853d64234ac8e2aa42ad1169a4e8bd39e9a1b75c1cfa
SHA512

bf0a638617a5aaf31cc790adf6c0dad37156d450b92c3a3480bcbb7e682633f7e8de30c4ca5732a6fd023112cdfa106ec920127a50e335473ad4d80a2de8947c
SSDEEP

6144:G7L2Ic0SvVQblZ3KwDK2Zze1paoZKQdtx9tfIpBuFQIn56eae:G7L2Ic0SvVQbjKwD3ze1paoZKQdtx9tk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28
PID 944 wrote to memory of 1676	944	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallHelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallHelper.dll,#1
  2⤵
  PID:1676