Overview

overview

10

Static

static

10

EasyHook.dll

windows11-21h2-x64

1

EasyHook32.dll

windows11-21h2-x64

3

EasyHook32Svc.exe

windows11-21h2-x64

3

EasyHook64.dll

windows11-21h2-x64

1

EasyHook64Svc.exe

windows11-21h2-x64

1

EasyHookSvc.exe

windows11-21h2-x64

3

Ionic.Zip.Reduced.dll

windows11-21h2-x64

1

Jint.dll

windows11-21h2-x64

1

NAudio.dll

windows11-21h2-x64

1

Newtonsoft.Json.dll

windows11-21h2-x64

1

Nucleus.Gaming.dll

windows11-21h2-x64

1

Nucleus.Hook32.dll

windows11-21h2-x64

3

Nucleus.Hook64.dll

windows11-21h2-x64

1

Nucleus.IJx64.exe

windows11-21h2-x64

1

Nucleus.IJx86.exe

windows11-21h2-x64

3

Nucleus.SHook32.dll

windows11-21h2-x64

3

Nucleus.SHook64.dll

windows11-21h2-x64

1

NucleusCoop.exe

windows11-21h2-x64

3

ProtoInputHooks32.dll

windows11-21h2-x64

3

ProtoInputHooks64.dll

windows11-21h2-x64

1

ProtoInputHost.exe

windows11-21h2-x64

3

ProtoInputIJ32.exe

windows11-21h2-x64

3

ProtoInputIJ64.exe

windows11-21h2-x64

1

ProtoInputIJP32.dll

windows11-21h2-x64

3

ProtoInputIJP64.dll

windows11-21h2-x64

1

ProtoInput...32.dll

windows11-21h2-x64

3

ProtoInput...64.dll

windows11-21h2-x64

1

ProtoInput...32.dll

windows11-21h2-x64

3

ProtoInput...64.dll

windows11-21h2-x64

1

SharpDX.Di...ut.dll

windows11-21h2-x64

1

SharpDX.XInput.dll

windows11-21h2-x64

1

utils/x360..._3.dll

windows11-21h2-x64

3

Resubmissions

09-08-2024 06:22

240809-g5c3zs1ejc 10

Analysis

  • max time kernel
    1465s
  • max time network
    1479s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-08-2024 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProtoInputHost.exe

  • Size

    1.1MB

  • MD5

    a92b1a6240030392d6c9c8253749eca4

  • SHA1

    5fbb05dfc40e8a2b747199ca1c414ab2d4f5c6b9

  • SHA256

    333f71c416d7294a2f590743e5ede39d4c57059c9b76d4594c2b0bcb8b8ae26b

  • SHA512

    5b09e317f6cbb6baf95904141fbda48305fbebd4fe45a84e46ec6520c6ae05224ffd11f6461f1ed5aa3df618df4be1e2d5ba31361108d61359c5219b9ba3478f

  • SSDEEP

    24576:od/9zCNjnKRat9z7YHwUlHB2Eu3w932VJEdz0Mo5:od/BWj79zywUlH0A93mJb55

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProtoInputHost.exe
    "C:\Users\Admin\AppData\Local\Temp\ProtoInputHost.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 736
      2⤵
      • Program crash
      PID:4128
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2784 -ip 2784
    1⤵
      PID:4340

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads