Analysis
max time kernel: 110s
max time network: 123s
resource: win7v191014
Task: task1
Sample: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe
Resource: win7v191014
0 signatures

Task: task2
Sample: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe
Resource: win10v191014
0 signatures
General
Target: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d
Sample: 191025-3a5e1pmfkx
SHA256: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d
Score: N/A
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 1320, Process: InternalAHK.exe

Loads dropped DLL 2 IoCs
pid: 1384, Process: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe
pid: 1320, Process: InternalAHK.exe

Suspicious use of WriteProcessMemory 1 IoCs
description: PID 1384 wrote to memory of 1320, pid: 1384, Process: 59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe, procid_target: 26

Executes dropped EXE 1 IoCs
pid: 1320, Process: InternalAHK.exe

Suspicious use of SetWindowsHookEx 1 IoCs
pid: 1320, Process: InternalAHK.exe
Processes

C:\Users\Admin\AppData\Local\Temp\59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe
"C:\Users\Admin\AppData\Local\Temp\59770ba956ec114265909d9fe97546052c7c7c322e58228e3de2341629ff3c5d.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1384

C:\Users\Admin\AppData\Local\Temp\7zS76B4.tmp\InternalAHK.exe
.\InternalAHK.exe /CP65001 $SETUP
- Suspicious behavior: GetForegroundWindowSpam
- Loads dropped DLL
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320