060a13671e38ad7d1326fe38ad16fa81ab23a786ccebe22b3983f1a1570750eb

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 04:00 UTC

Target

$PLUGINSDIR/InstallHelper.dll
Size

350KB
MD5

a76886b493c4b88d53cbc6ed78a56d92
SHA1

9b44d0e6279dcdd5d9f7e90f95e32e82cb43354d
SHA256

273d3ec96c92ca9e01a3b0333c851d1d25e8f35920f42b12fc4d7dd8f8dba164
SHA512

91046023a32ec241889c0b56b7ab6bf797d9fe1bb0c123ae266c3be5d76f377b7bceef951454ba4739b05d4ac234cc29cc31fbd00093978598dbd617a88386a7
SSDEEP

6144:WPsiwCi1qeAxkOlWyWdbRXwx/P1QuqEjTcXdYQNvPFQRnTp:WPvO1qeAxkOlWyWdbRXwx/PkEYYsPFQv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28
PID 840 wrote to memory of 1112	840	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallHelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallHelper.dll,#1
  2⤵
  PID:1112