Overview

overview

4

Static

static

AutoKeyCli....4.exe

windows7-x64

1

AutoKeyCli....4.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2022, 15:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    AutoKeyClicker v1.2.4.exe

  • Size

    77KB

  • MD5

    13442c7e1d7bc3d95ef542fca0f66f75

  • SHA1

    d686840c2e211679b08e1d708ea8689f38f91cb8

  • SHA256

    656fcd08ff71f9bd1f5b84159e8eb2bd25f154b251b91c4e7ec7a4a7892c4a1d

  • SHA512

    f6f33a3fc3c58ee1a92b137d21d87b77b64028f31c1b224f7fbd4beeae16a6cbdfbd5ed53e6529a23995e4b1a79e17c84b023fa63fcb259385912de8beee11d4

  • SSDEEP

    1536:vVgqI2sqvMHDv5JCZ/00GP8tlEe43nzNG667N6oT7gkffOII:N1AjBJCd00GPelEe43nza4oT8yfOII

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoKeyClicker v1.2.4.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoKeyClicker v1.2.4.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1800
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 460 -p 384 -ip 384
    1⤵
      PID:4236
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 384 -s 860
      1⤵
      • Program crash
      PID:3100
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:3012
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:3660
      • C:\Windows\system32\mspaint.exe
        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\InitializeSuspend.rle"
        1⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:716
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
        1⤵
          PID:3120

        Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/1800-132-0x0000000000E20000-0x0000000000E3A000-memory.dmp

                Filesize

                104KB

                Download

              • memory/1800-133-0x0000000005690000-0x000000000572C000-memory.dmp

                Filesize

                624KB

                Download

              • memory/1800-134-0x0000000005D70000-0x0000000006314000-memory.dmp

                Filesize

                5.6MB

                Download

              • memory/1800-135-0x0000000005860000-0x00000000058F2000-memory.dmp

                Filesize

                584KB

                Download

              • memory/1800-136-0x0000000005730000-0x000000000573A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/1800-137-0x00000000057C0000-0x0000000005816000-memory.dmp

                Filesize

                344KB

                Download