Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
167s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
23/11/2022, 18:05
Static task
static1
Behavioral task
behavioral1
Sample
355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe
Resource
win7-20221111-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe
-
Size
172KB
-
MD5
50d48101cc4f0a4c8df9d67a82fa6736
-
SHA1
6ed7dd5d7f6f2b7a8314b8243e4b47cacefcef61
-
SHA256
355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e
-
SHA512
379fea762e2b1a5b14a95704d26984d8fc0337f61a4919faff64c3da38ac1876f22fef542942069ad4acbf6b3f839680bc6c183f0baea7cc91b0a5aaeac87d4e
-
SSDEEP
3072:RmFonoVD8oSx/mvXAFIFR7Nzim04f1fhLOG7GQiCLMt8Xt/Wv6mgem:RwoUD8oSx/mvXAFIFR7N7DfhhLOG7GQe
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" hhhooy.exe -
Executes dropped EXE 1 IoCs
pid Process 4632 hhhooy.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation 355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe -
Adds Run key to start application 2 TTPs 52 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /b" hhhooy.exe Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run\ hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /n" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /d" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /B" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /M" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /Y" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /Z" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /i" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /S" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /o" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /N" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /y" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /t" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /p" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /X" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /e" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /O" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /c" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /D" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /H" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /P" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /z" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /L" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /Q" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /C" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /f" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /a" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /q" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /u" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /J" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /j" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /G" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /K" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /A" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /I" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /h" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /R" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /l" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /W" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /g" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /v" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /V" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /r" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /F" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /s" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /x" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /U" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /T" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /w" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /m" hhhooy.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhhooy = "C:\\Users\\Admin\\hhhooy.exe /k" hhhooy.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe 4632 hhhooy.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4544 355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe 4632 hhhooy.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4544 wrote to memory of 4632 4544 355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe 79 PID 4544 wrote to memory of 4632 4544 355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe 79 PID 4544 wrote to memory of 4632 4544 355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe 79 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78 PID 4632 wrote to memory of 4544 4632 hhhooy.exe 78
Processes
-
C:\Users\Admin\AppData\Local\Temp\355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe"C:\Users\Admin\AppData\Local\Temp\355b2f477eb54a8efc4b2a5fe930650b7c2982190b298d1579f2b4b1daa80a0e.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4544 -
C:\Users\Admin\hhhooy.exe"C:\Users\Admin\hhhooy.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4632
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
172KB
MD578a3eeed362a46e8de0b639c72f84d2d
SHA1070ba930e5f8b6b5df45410d9b5c7a1985a0d400
SHA2565b16ade0c7c1e0eba1e7ec7cb3413f00bfe770bd5792d12e0d189324bf9b0408
SHA512ea656b7f6ca8ae4ad1a8390f766722567229e17a046284c6f22f18344f951634a69c47b1f0fa7ddae20af05e523aa0dbdf657d9db2b66b0f026ddd9d18be64b3
-
Filesize
172KB
MD578a3eeed362a46e8de0b639c72f84d2d
SHA1070ba930e5f8b6b5df45410d9b5c7a1985a0d400
SHA2565b16ade0c7c1e0eba1e7ec7cb3413f00bfe770bd5792d12e0d189324bf9b0408
SHA512ea656b7f6ca8ae4ad1a8390f766722567229e17a046284c6f22f18344f951634a69c47b1f0fa7ddae20af05e523aa0dbdf657d9db2b66b0f026ddd9d18be64b3