Analysis
- max time kernel: 225s
- max time network: 228s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-11-2022 15:25
Static task
- static1
Behavioral task
- behavioral1
- Sample: pss10r.chm
- Resource: win10v2004-20221111-en
- 2 signatures
- 300 seconds
Behavioral task
- behavioral2
- Sample: run.cmd
- Resource: win10v2004-20220901-en
- 2 signatures
- 300 seconds
Behavioral task
- behavioral3
- Sample: ver123.dll
- Resource: win10v2004-20220812-en
- 2 signatures
- 300 seconds
General
- Target: pss10r.chm
- Size: 392KB
- MD5: 56427f0a59b3143217906b2d2ca54c22
- SHA1: 217bbbf2e8fdbd931e2f9a187ec7acc5d6df4240
- SHA256: 6186cb37b4f79af5ba3cfae14e6cac77890b9ad5c1ecdaf5c586f1d4a18fb736
- SHA512: 43f549658ac009435899fa83180e29f07480dd3845a62515d9903762d61d81e4bfed7d7b1a85b177b22b37b5fdb9821e7144dd97fcda65f458b1a3814b56641f
- SSDEEP: 6144:mWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhkio:mQGabxkvqw3BAeH1SkdIyazHhkD
Score
1/10
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: hh.exe
  pid | process
  1188 | hh.exe
  1188 | hh.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: hh.exe, cmd.exe
  description | pid | process | target process
  PID 1188 wrote to memory of 5100 | 1188 | hh.exe | cmd.exe
  PID 1188 wrote to memory of 5100 | 1188 | hh.exe | cmd.exe
  PID 5100 wrote to memory of 1492 | 5100 | cmd.exe | mshta.exe
  PID 5100 wrote to memory of 1492 | 5100 | cmd.exe | mshta.exe
Processes
- C:\Windows\hh.exe
  "C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\pss10r.chm
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c start/min mshta %CD%\pss10r.chm
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\mshta.exe
      mshta C:\Users\Admin\AppData\Local\Temp\pss10r.chm