Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-11-2024 21:41

General

  • Target

    resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/iohook.dll

  • Size

    156KB

  • MD5

    72d0e43eb061779fdff81523bfcbafb7

  • SHA1

    8771eed6b959a9fff1012828fff4e9d120d07c0a

  • SHA256

    426f0fcaa3e30b37cc92f3ee69e15758c272fa6039f8796582ccf0193b216133

  • SHA512

    7aa6b39f677aaa7d62c10c81b68bd51882501e5f3ac3d2f5ede42565716a3f6a31e0822474171d2a584393c34d41d93c9add9f6b41aaa2f23d2f75dfc0e2e418

  • SSDEEP

    3072:/K6y6eTnEbyz0Gdtyp9Dn1+n3I1mfkVGfuN8vb:/KgbyzDtiZ+n3wNcb

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2492 -s 156
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Matrix
