Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    16/10/2024, 04:07

General

  • Target

    $PLUGINSDIR/PPHookShell.dll

  • Size

    241KB

  • MD5

    f9b346bcfec4605755d4435e8eac34a1

  • SHA1

    f694ece30381ca9dc37e18030454a56a737ce4a4

  • SHA256

    e0596457bec914a3281ad614a23c1c3c11bd9c95ddabf090d68d3bca4854c92a

  • SHA512

    60a17bd0b971690818b26e45ee8ca335e3b1820ac73d229f54b55b2e23acb051a45c00275a5ea1b35ac1caf2d1626fed34f0296fc8d7a41b0139b0aa0e226e7b

  • SSDEEP

    3072:LZFvombK4A6NvgJvcYwUuSaEwTG4SJK7hqmYLzhJR7CIgNldwr73GPAG3StoIZTx:rKI5UcdUuSaEwa4S0qmATpHgNTljIBF

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PPHookShell.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PPHookShell.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4512
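The process tree above is the sandbox's own launcher, not behaviour of the sample: a submitted DLL is loaded with `rundll32.exe <dll>,#1`, and because 64-bit rundll32.exe hands a 32-bit DLL off to `SysWOW64\rundll32.exe` with the same command line, the x64 parent (PID 4416) and the WoW64 child (PID 4512) appear as a pair, with the parent's process creation accounting for the WriteProcessMemory signature. The block below is an added example, not code from the report or the sandbox vendor, showing triage logic a hunter could run over process-creation events to flag what matters here (DLL loaded from a user-writable temp path, NSIS `$PLUGINSDIR` staging directory, entry point given by ordinal) and to fold the WoW64 re-launch into one finding instead of two. The event records are constructed to mirror the report; the Sysmon-style field names and the root's `ParentProcessId` of 1000 are assumptions.

```python
"""
Added example (not part of the sandbox report): triage of rundll32 process
creation events. Parses the rundll32 command line, scores the DLL path and
entry point, and folds the x64 rundll32 -> SysWOW64 rundll32 re-launch into
a single chain so the pair is reported once.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed events mirroring the report's process list. Field names follow
# Sysmon Event ID 1 naming (assumption); the root's ParentProcessId is a placeholder.
SAMPLE_EVENTS: List[Dict] = [
    {"ProcessId": 4416, "ParentProcessId": 1000,
     "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PPHookShell.dll,#1"},
    {"ProcessId": 4512, "ParentProcessId": 4416,
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\PPHookShell.dll,#1"},
]

# Directories any standard user can write to; a DLL loaded from here deserves a look.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def is_rundll32(image: str) -> bool:
    return image.lower().rstrip().endswith("\\rundll32.exe")


def parse_rundll32_cmdline(cmdline: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (dll_path, entry_point) from 'rundll32.exe <dll>[,<entry>] [args]', else None."""
    m = re.match(r'^\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$',
                 cmdline, re.IGNORECASE)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):                      # quoted DLL path (may contain spaces)
        end = rest.find('"', 1)
        if end < 0:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:                                         # unquoted path ends at first comma or space
        mm = re.match(r"([^,\s]+)(.*)$", rest)
        dll, tail = mm.group(1), mm.group(2)
    tail = tail.lstrip()
    entry = None
    if tail.startswith(","):                      # entry point follows the comma; args after whitespace
        parts = tail[1:].split(None, 1)
        entry = parts[0] if parts else None
    return dll, entry


def assess_rundll32(cmdline: str) -> List[str]:
    """Reasons a rundll32 invocation is worth a second look (empty list = nothing notable)."""
    parsed = parse_rundll32_cmdline(cmdline)
    if parsed is None:
        return []
    dll, entry = parsed
    low = dll.lower()
    reasons: List[str] = []
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("dll loaded from user-writable temp directory")
    if "$pluginsdir" in low:
        reasons.append("dll staged in NSIS $PLUGINSDIR")
    if entry is not None and re.fullmatch(r"#\d+", entry):
        reasons.append(f"entry point referenced by ordinal {entry}")
    return reasons


def is_wow64_relaunch(parent: Dict, child: Dict) -> bool:
    """64-bit rundll32 given a 32-bit DLL spawns SysWOW64 rundll32 with the same command line."""
    return (is_rundll32(parent["Image"]) and is_rundll32(child["Image"])
            and "\\system32\\" in parent["Image"].lower()
            and "\\syswow64\\" in child["Image"].lower()
            and parent["CommandLine"] == child["CommandLine"])


def triage(events: List[Dict]) -> List[Dict]:
    """One finding per rundll32 chain; WoW64 re-launches are folded into their parent."""
    by_pid = {e["ProcessId"]: e for e in events}
    folded = set()
    for e in events:
        parent = by_pid.get(e["ParentProcessId"])
        if parent is not None and is_wow64_relaunch(parent, e):
            folded.add(e["ProcessId"])
    findings: List[Dict] = []
    for e in events:
        if not is_rundll32(e["Image"]) or e["ProcessId"] in folded:
            continue
        reasons = assess_rundll32(e["CommandLine"])
        if not reasons:
            continue
        children = [c["ProcessId"] for c in events
                    if c["ParentProcessId"] == e["ProcessId"] and c["ProcessId"] in folded]
        findings.append({"pid": e["ProcessId"], "wow64_children": children,
                         "dll": parse_rundll32_cmdline(e["CommandLine"])[0],
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Folding the WoW64 child into its parent matters for noise: the same rule applied naively to both events would double every rundll32 alert on 64-bit hosts. Treat the ordinal and `$PLUGINSDIR` signals as context rather than verdicts; an NSIS installer legitimately extracts plugins to `$PLUGINSDIR` under `%TEMP%`, which is consistent with this report's low score.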

Network

        MITRE ATT&CK Enterprise v15
