56da3c1571cc5074929dff704d5b5401cced6a3017e6cf48b9eb4c511bfee970 | Triage

Analysis

max time kernel
72s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 16:44

Sharing

Report Analysis Logs

General

Target

UltraHook/uh.dll
Size

1.7MB
MD5

dee522e807bdfd9b79db03ff6e90116a
SHA1

249685a1c7aa3b0fb526a3d21d163f41f1881217
SHA256

7461010af30c604682fdda59b421291a4bd13820b9511734b9f850ed286adaf4
SHA512

04fabe0e63dd56a7036e43dea4e19428199e67b5276596f2e28e91a35da3567424c011ffb83d3c76b8958999218321d2a635c50c1b89b6e9035e312775db07c2
SSDEEP

49152:ec8rwpMMsbfSPjz8o3r0NC2qJ1WC2qJ1qoaB9MaB9W:QrwkqLzonqJ1QqJ1qoKaK

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4740	4664	rundll32.exe	91
PID 4664 wrote to memory of 4740	4664	rundll32.exe	91
PID 4664 wrote to memory of 4740	4664	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltraHook\uh.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltraHook\uh.dll,#1
  2⤵
  PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads