Overview

overview

10

Static

static

10

EasyHook.dll

windows11-21h2-x64

1

EasyHook32.dll

windows11-21h2-x64

3

EasyHook32Svc.exe

windows11-21h2-x64

3

EasyHook64.dll

windows11-21h2-x64

1

EasyHook64Svc.exe

windows11-21h2-x64

1

EasyHookSvc.exe

windows11-21h2-x64

3

Ionic.Zip.Reduced.dll

windows11-21h2-x64

1

Jint.dll

windows11-21h2-x64

1

NAudio.dll

windows11-21h2-x64

1

Newtonsoft.Json.dll

windows11-21h2-x64

1

Nucleus.Gaming.dll

windows11-21h2-x64

1

Nucleus.Hook32.dll

windows11-21h2-x64

3

Nucleus.Hook64.dll

windows11-21h2-x64

1

Nucleus.IJx64.exe

windows11-21h2-x64

1

Nucleus.IJx86.exe

windows11-21h2-x64

3

Nucleus.SHook32.dll

windows11-21h2-x64

3

Nucleus.SHook64.dll

windows11-21h2-x64

1

NucleusCoop.exe

windows11-21h2-x64

3

ProtoInputHooks32.dll

windows11-21h2-x64

3

ProtoInputHooks64.dll

windows11-21h2-x64

1

ProtoInputHost.exe

windows11-21h2-x64

3

ProtoInputIJ32.exe

windows11-21h2-x64

3

ProtoInputIJ64.exe

windows11-21h2-x64

1

ProtoInputIJP32.dll

windows11-21h2-x64

3

ProtoInputIJP64.dll

windows11-21h2-x64

1

ProtoInput...32.dll

windows11-21h2-x64

3

ProtoInput...64.dll

windows11-21h2-x64

1

ProtoInput...32.dll

windows11-21h2-x64

3

ProtoInput...64.dll

windows11-21h2-x64

1

SharpDX.Di...ut.dll

windows11-21h2-x64

1

SharpDX.XInput.dll

windows11-21h2-x64

1

utils/x360..._3.dll

windows11-21h2-x64

3

Resubmissions

09-08-2024 06:22

240809-g5c3zs1ejc 10

Analysis

  • max time kernel
    1362s
  • max time network
    1156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-08-2024 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProtoInputUtilDynamic32.dll

  • Size

    101KB

  • MD5

    1de4e4f7dc354e03a6f266abc9b8bdff

  • SHA1

    e44fcb9eb0603e8ad2fb298842fe0447b191c8f2

  • SHA256

    8fc9cc273ef3c7a935ad453824455096a3d8999285927c9501492cc440893425

  • SHA512

    a82dfef6266f5c015a57cbaeda5f3eace909073e4ee320c0693978566eabcb8f2f559a31e6606b8238031e3a1170b5e7dcbe3c5a484efc73eeb87bfe6cd58fd7

  • SSDEEP

    768:enwNYBehOueOjgnaDyD2bkCOoDGpTm99h1VcYmZqBy/4KEHK94t8+T1jizgNTLek:enwNCOcnaSxm99hHBt86De2AbQ

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ProtoInputUtilDynamic32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ProtoInputUtilDynamic32.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2456
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 504
        3⤵
        • Program crash
        PID:1460
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 2456 -ip 2456
    1⤵
      PID:4368

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads