Overview
8Static
static
8EES Aprend...ow.chm
windows7-x64
1EES Aprend...ow.chm
windows10-2004-x64
1EES Aprend...on.chm
windows7-x64
1EES Aprend...on.chm
windows10-2004-x64
1EES Aprend...ow.chm
windows7-x64
1EES Aprend...ow.chm
windows10-2004-x64
1EES Aprend...gs.chm
windows7-x64
1EES Aprend...gs.chm
windows10-2004-x64
1EES Aprend...mi.chm
windows7-x64
1EES Aprend...mi.chm
windows10-2004-x64
1EES Aprend...cy.chm
windows7-x64
1EES Aprend...cy.chm
windows10-2004-x64
1EES Aprend...or.chm
windows7-x64
1EES Aprend...or.chm
windows10-2004-x64
1EES Aprend...rs.chm
windows7-x64
1EES Aprend...rs.chm
windows10-2004-x64
1EES Aprend...HX.chm
windows7-x64
1EES Aprend...HX.chm
windows10-2004-x64
1EES Aprend...es.chm
windows7-x64
1EES Aprend...es.chm
windows10-2004-x64
1EES Aprend...ce.doc
windows7-x64
4EES Aprend...ce.doc
windows10-2004-x64
1EES Aprend...ce.pdf
windows7-x64
1EES Aprend...ce.pdf
windows10-2004-x64
1EES Aprend...23.dll
windows7-x64
3EES Aprend...23.dll
windows10-2004-x64
3EES Aprend...lo.dll
windows7-x64
3EES Aprend...lo.dll
windows10-2004-x64
3EES Aprend...rs.chm
windows7-x64
1EES Aprend...rs.chm
windows10-2004-x64
1EES Aprend...es.chm
windows7-x64
1EES Aprend...es.chm
windows10-2004-x64
1
Analysis
max time kernel: 128s
max time network: 140s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 12-03-2023 20:06
Behavioral tasks (task: sample, resource)
behavioral1: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/external_flow.chm, win7-20230220-en
behavioral2: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/external_flow.chm, win10v2004-20230220-en
behavioral3: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/free_convection.chm, win7-20230220-en
behavioral4: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/free_convection.chm, win10v2004-20230220-en
behavioral5: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/internal_flow.chm, win7-20230220-en
behavioral6: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/internal_flow.chm, win10v2004-20230220-en
behavioral7: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/regenerator_packings.chm, win7-20230220-en
behavioral8: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/regenerator_packings.chm, win10v2004-20230220-en
behavioral9: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Emissivity/Emissivity_TotHemi.chm, win7-20230220-en
behavioral10: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Emissivity/Emissivity_TotHemi.chm, win10v2004-20230220-en
behavioral11: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Fin Efficiency/fin efficiency.chm, win7-20230220-en
behavioral12: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Fin Efficiency/fin efficiency.chm, win10v2004-20230221-en
behavioral13: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Fouling Factors/FoulingFactor.chm, win7-20230220-en
behavioral14: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Fouling Factors/FoulingFactor.chm, win10v2004-20230220-en
behavioral15: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Heat Exchangers/Heat Exchangers.chm, win7-20230220-en
behavioral16: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Heat Exchangers/Heat Exchangers.chm, win10v2004-20230220-en
behavioral17: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Heat Exchangers/NumericalHX.chm, win7-20230220-en
behavioral18: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Heat Exchangers/NumericalHX.chm, win10v2004-20230220-en
behavioral19: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Minor Losses/minor losses.chm, win7-20230220-en
behavioral20: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Minor Losses/minor losses.chm, win10v2004-20230221-en
behavioral21: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation Properties/gas emittance.doc, win7-20230220-en
behavioral22: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation Properties/gas emittance.doc, win10v2004-20230220-en
behavioral23: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation Properties/gas emittance.pdf, win7-20230220-en
behavioral24: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation Properties/gas emittance.pdf, win10v2004-20230220-en
behavioral25: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/F3d7123.dll, win7-20230220-en
behavioral26: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/F3d7123.dll, win10v2004-20230220-en
behavioral27: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/MonteCarlo.dll, win7-20230220-en
behavioral28: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/MonteCarlo.dll, win10v2004-20230220-en
behavioral29: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/view factors.chm, win7-20230220-en
behavioral30: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Radiation View Factors/view factors.chm, win10v2004-20230220-en
behavioral31: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Reference Tables/Reference Tables.chm, win7-20230220-en
behavioral32: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Reference Tables/Reference Tables.chm, win10v2004-20230220-en
General
Target: EES Aprende.Química.e.Ingeniería.con.Toño/Userlib/Heat Transfer/Convection/external_flow.chm
Size: 224KB
MD5: 99b8ed571c9749c287c24cef11eadce5
SHA1: 688c0d0441fd27f0fadcb357d0d78fcc575f4e99
SHA256: c7b511dd61e2d8dbc21fb92c2308e1bf20092f2ca1661b01a67d385a0248b777
SHA512: 752fd54094b2494f47fe80562c5defc44d4691bfa1d0e1a10c8944e10d7ff7b543cd37f961d3a3fa1dbc7d15268503828bae0f2dea8a2b8b0879424b66af07fd
SSDEEP: 3072:94Xzr9nJn/cLv9tke1ooVEw6S10NkBfKeUKtABVQzEB8wilQUcEzs4zUOrjMPurS:9Er0v9L1owP6SKNaKeUHfBsJzsVs0v
Malware Config
Signatures
Modifies Internet Explorer settings
Processes (description | ioc | process):
Key created | \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main | hh.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes (pid | process):
1628 | hh.exe
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes (description | pid | process):
Token: 33 | 1408 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1408 | AUDIODG.EXE
Token: 33 | 1408 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1408 | AUDIODG.EXE
Suspicious use of SetWindowsHookEx (3 IoCs)
Processes (pid | process):
1628 | hh.exe
1628 | hh.exe
1628 | hh.exe
Processes
C:\Windows\hh.exe
  Command line: "C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\EES Aprende.Química.e.Ingeniería.con.Toño\Userlib\Heat Transfer\Convection\external_flow.chm"
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 1628
C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x514
  - Suspicious use of AdjustPrivilegeToken
  PID: 1408
C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 1296