c8b54f5014384bcfa4150428159bcdea01d1add62574b018a3be5e5900792b8a

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8b54f5014384bcfa4150428159bcdea01d1add62574b018a3be5e5900792b8a.chm
Size

32KB
MD5

a1590a68c36312d70e63daef2367d0e0
SHA1

d6b2de6d4e1bda37f1406b1c75127381527207da
SHA256

c8b54f5014384bcfa4150428159bcdea01d1add62574b018a3be5e5900792b8a
SHA512

fc32ff3383b8829af2d8552950724749eff36ba393a825b121347edbf3080742e7523bf1ef5c47ab99453c56279a400dd97dd24a4e0050117581413f3617e85e
SSDEEP

768:rvAoVA4mD+W9pTLqWYc4m16DRPR5YdNrzLw42Z62pZgYqO:rvAoVHg1h5YOUBcwz5u

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1240	hh.exe
1240	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\c8b54f5014384bcfa4150428159bcdea01d1add62574b018a3be5e5900792b8a.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1240-54-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

Filesize
8KB

Download
memory/1240-69-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp

Filesize
64KB

Download