Overview
overview
10Static
static
3Adobe Prem...uK.exe
windows7-x64
10Adobe Prem...uK.exe
windows10-2004-x64
10dllhelper.dll
windows7-x64
3dllhelper.dll
windows10-2004-x64
3dllhelper64.dll
windows7-x64
1dllhelper64.dll
windows10-2004-x64
1AdobeIPCBroker.exe
windows7-x64
3AdobeIPCBroker.exe
windows10-2004-x64
3customhook...ok.exe
windows7-x64
3customhook...ok.exe
windows10-2004-x64
3AdobePIM.dll
windows7-x64
4AdobePIM.dll
windows10-2004-x64
4Core.dll
windows7-x64
3Core.dll
windows10-2004-x64
3resources/...IM.dll
windows7-x64
4resources/...IM.dll
windows10-2004-x64
4Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-12-2024 18:59
Static task
static1
Behavioral task
behavioral1
Sample
Adobe Premiere Pro 2022 22.0.0.169 RePack by KpoJIuK.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Adobe Premiere Pro 2022 22.0.0.169 RePack by KpoJIuK.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
dllhelper.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
dllhelper.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
dllhelper64.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
dllhelper64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
AdobeIPCBroker.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
AdobeIPCBroker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
customhook/AdobeIPCBrokerCustomHook.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
customhook/AdobeIPCBrokerCustomHook.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
AdobePIM.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
AdobePIM.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Core.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Core.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
resources/AdobePIM.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
resources/AdobePIM.dll
Resource
win10v2004-20241007-en
General
-
Target
Core.dll
-
Size
816KB
-
MD5
58bf45a10e81ccda54eb44c76a5d039b
-
SHA1
7061b02c29f3ebe6787979ac29614b60557a4257
-
SHA256
69493994c50dac680be2be6f49642670bb0a6576303a83b70b63ec534590496b
-
SHA512
a3c1d88b2f567e06083e406213b42a1f5c78bf6c511edf5aeb48f720cdd8e633201a157375a1d6ecf6990dec0263197a611fdb7e03d2abc0b82beb33779ede74
-
SSDEEP
24576:JLdzOfymt+B/LIPD10RwFV7aE3ILlcrT7fYXL4Rz:RdqhsUPORg7XILlsT7fYXL4Rz
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30 PID 684 wrote to memory of 2216 684 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Core.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:684 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Core.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2216
-