af7b8e60b4b54f5f85e6b207ac51926cb076aa4319b8e4c72e59b98c85818cae

Analysis

max time kernel
83s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_1.1.36.02_setup.exe
Size

3.2MB
MD5

a8bb29edad96ff3dd023492a569581a8
SHA1

01e344345aa2b036550f657b5bc4a6d91b3ac831
SHA256

af7b8e60b4b54f5f85e6b207ac51926cb076aa4319b8e4c72e59b98c85818cae
SHA512

61583cd38144971bd76b7742670b2e8f78713a2c66bcd8049c99a90191ed9022f9123b4fba6f891f9e6b20a58d7b2444df85421e053235a8e6d08d32b283d06d
SSDEEP

98304:C9h0bMA834/tGqFK0eIYPCwXJWxZYb2z/1o6TqN6Vu:C9h0IA834/tGqiIsxwzNo6TqNsu

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4812	setup.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3440	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4812	setup.exe
3440	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe
3440	vlc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4812	setup.exe
4812	setup.exe
3440	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 4812	3724	AutoHotkey_1.1.36.02_setup.exe	84
PID 3724 wrote to memory of 4812	3724	AutoHotkey_1.1.36.02_setup.exe	84
PID 3724 wrote to memory of 4812	3724	AutoHotkey_1.1.36.02_setup.exe	84

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.36.02_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.36.02_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Users\Admin\AppData\Local\Temp\7z65628E8C\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z65628E8C\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4812

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z65628E8C\setup.exe

Filesize
870KB

MD5
590618fcaa5e7577ae989ab094917e8b

SHA1
9a62241af75b93fa6d77d97464e2f0a592fa940c

SHA256
aa86096bfd7efbe4bcd9a17d2a8378cb8125826863508449720628e2a19f6175

SHA512
9c99d79f0817ff23f70ca8f226ccabd5ca9f225b9a32f96e13539c725c97ef937e85eaf3d3fda739b5b27242b435a820f611aee4afc4dec84286e98baf31ab0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z65628E8C\setup.exe

Filesize
870KB

MD5
590618fcaa5e7577ae989ab094917e8b

SHA1
9a62241af75b93fa6d77d97464e2f0a592fa940c

SHA256
aa86096bfd7efbe4bcd9a17d2a8378cb8125826863508449720628e2a19f6175

SHA512
9c99d79f0817ff23f70ca8f226ccabd5ca9f225b9a32f96e13539c725c97ef937e85eaf3d3fda739b5b27242b435a820f611aee4afc4dec84286e98baf31ab0a

Download Submit
memory/3440-209-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/3440-210-0x00007FFAE6450000-0x00007FFAE6484000-memory.dmp

Filesize
208KB

Download
memory/3440-211-0x00007FFAE4980000-0x00007FFAE4C34000-memory.dmp

Filesize
2.7MB

Download
memory/3440-212-0x00007FFAE6D60000-0x00007FFAE6D78000-memory.dmp

Filesize
96KB

Download
memory/3440-213-0x00007FFAE62F0000-0x00007FFAE6307000-memory.dmp

Filesize
92KB

Download
memory/3440-214-0x00007FFAE62D0000-0x00007FFAE62E1000-memory.dmp

Filesize
68KB

Download
memory/3440-215-0x00007FFAE6250000-0x00007FFAE6267000-memory.dmp

Filesize
92KB

Download
memory/3440-216-0x00007FFAE6070000-0x00007FFAE6081000-memory.dmp

Filesize
68KB

Download
memory/3440-217-0x00007FFAE6050000-0x00007FFAE606D000-memory.dmp

Filesize
116KB

Download
memory/3440-218-0x00007FFAE5D70000-0x00007FFAE5D81000-memory.dmp

Filesize
68KB

Download
memory/3440-219-0x00007FFAE3FC0000-0x00007FFAE41C0000-memory.dmp

Filesize
2.0MB

Download
memory/3440-220-0x00000245694C0000-0x000002456A56B000-memory.dmp

Filesize
16.7MB

Download
memory/3440-221-0x00007FFAE5B60000-0x00007FFAE5B9F000-memory.dmp

Filesize
252KB

Download
memory/3440-222-0x00007FFAE5D40000-0x00007FFAE5D61000-memory.dmp

Filesize
132KB

Download
memory/3440-223-0x00007FFAE2EF0000-0x00007FFAE2F08000-memory.dmp

Filesize
96KB

Download
memory/3440-224-0x00007FFAE2ED0000-0x00007FFAE2EE1000-memory.dmp

Filesize
68KB

Download
memory/3440-225-0x00007FFAE2EB0000-0x00007FFAE2EC1000-memory.dmp

Filesize
68KB

Download
memory/3440-226-0x00007FFAE2E90000-0x00007FFAE2EA1000-memory.dmp

Filesize
68KB

Download
memory/3440-227-0x00007FFAE2E70000-0x00007FFAE2E8B000-memory.dmp

Filesize
108KB

Download
memory/3440-228-0x00007FFAE2E50000-0x00007FFAE2E61000-memory.dmp

Filesize
68KB

Download
memory/3440-229-0x00007FFAE2E30000-0x00007FFAE2E48000-memory.dmp

Filesize
96KB

Download
memory/3440-230-0x00007FFAE2E00000-0x00007FFAE2E30000-memory.dmp

Filesize
192KB

Download
memory/3440-231-0x00007FFAE2D90000-0x00007FFAE2DF7000-memory.dmp

Filesize
412KB

Download
memory/3440-232-0x00007FFAE2D20000-0x00007FFAE2D8F000-memory.dmp

Filesize
444KB

Download
memory/3440-234-0x00007FFAE2CA0000-0x00007FFAE2CF6000-memory.dmp

Filesize
344KB

Download
memory/3440-235-0x00007FFAE2C70000-0x00007FFAE2C98000-memory.dmp

Filesize
160KB

Download
memory/3440-236-0x00007FFAE2C40000-0x00007FFAE2C64000-memory.dmp

Filesize
144KB

Download
memory/3440-233-0x00007FFAE2D00000-0x00007FFAE2D11000-memory.dmp

Filesize
68KB

Download
memory/3440-237-0x00007FFAE2C20000-0x00007FFAE2C37000-memory.dmp

Filesize
92KB

Download
memory/3440-238-0x00007FFAE2BF0000-0x00007FFAE2C13000-memory.dmp

Filesize
140KB

Download
memory/3440-239-0x00007FFAE2BD0000-0x00007FFAE2BE1000-memory.dmp

Filesize
68KB

Download
memory/3440-240-0x00007FFAE2BB0000-0x00007FFAE2BC2000-memory.dmp

Filesize
72KB

Download
memory/3440-242-0x00007FFAE2B60000-0x00007FFAE2B73000-memory.dmp

Filesize
76KB

Download
memory/3440-243-0x00007FFAE2B40000-0x00007FFAE2B52000-memory.dmp

Filesize
72KB

Download
memory/3440-241-0x00007FFAE2B80000-0x00007FFAE2BA1000-memory.dmp

Filesize
132KB

Download
memory/3440-244-0x00007FFAE2A00000-0x00007FFAE2B3B000-memory.dmp

Filesize
1.2MB

Download
memory/3440-245-0x00007FFAE29D0000-0x00007FFAE29FC000-memory.dmp

Filesize
176KB

Download
memory/3440-246-0x00007FFAE2810000-0x00007FFAE29C2000-memory.dmp

Filesize
1.7MB

Download
memory/3440-247-0x00007FFAE27B0000-0x00007FFAE280C000-memory.dmp

Filesize
368KB

Download
memory/3440-248-0x00007FFAE2790000-0x00007FFAE27A1000-memory.dmp

Filesize
68KB

Download
memory/3440-249-0x00007FFAE26F0000-0x00007FFAE2787000-memory.dmp

Filesize
604KB

Download
memory/3440-250-0x00007FFAE26D0000-0x00007FFAE26E2000-memory.dmp

Filesize
72KB

Download
memory/3440-251-0x00007FFAE2490000-0x00007FFAE26C1000-memory.dmp

Filesize
2.2MB

Download
memory/3440-252-0x00007FFAE2370000-0x00007FFAE2482000-memory.dmp

Filesize
1.1MB

Download
memory/3440-253-0x00007FFAE2330000-0x00007FFAE2365000-memory.dmp

Filesize
212KB

Download
memory/3440-254-0x00007FFAE2300000-0x00007FFAE2325000-memory.dmp

Filesize
148KB

Download
memory/3440-255-0x00007FFAE22E0000-0x00007FFAE22F1000-memory.dmp

Filesize
68KB

Download
memory/3440-256-0x00007FFAE2270000-0x00007FFAE22D1000-memory.dmp

Filesize
388KB

Download
memory/3440-257-0x00007FFAE2250000-0x00007FFAE2261000-memory.dmp

Filesize
68KB

Download
memory/3440-259-0x00007FFAE2210000-0x00007FFAE2223000-memory.dmp

Filesize
76KB

Download
memory/3440-258-0x00007FFAE2230000-0x00007FFAE2242000-memory.dmp

Filesize
72KB

Download
memory/3440-260-0x00007FFAE2170000-0x00007FFAE220F000-memory.dmp

Filesize
636KB

Download
memory/3440-261-0x00007FFAE2150000-0x00007FFAE2161000-memory.dmp

Filesize
68KB

Download
memory/3440-262-0x00007FFAE2040000-0x00007FFAE2142000-memory.dmp

Filesize
1.0MB

Download
memory/3440-264-0x00007FFAE2000000-0x00007FFAE2011000-memory.dmp

Filesize
68KB

Download
memory/3440-265-0x00007FFAE1FE0000-0x00007FFAE1FF1000-memory.dmp

Filesize
68KB

Download
memory/3440-263-0x00007FFAE2020000-0x00007FFAE2031000-memory.dmp

Filesize
68KB

Download
memory/3440-266-0x00007FFAE1FC0000-0x00007FFAE1FD2000-memory.dmp

Filesize
72KB

Download
memory/3440-267-0x00007FFAE1FA0000-0x00007FFAE1FB8000-memory.dmp

Filesize
96KB

Download
memory/3440-268-0x00007FFAE1F80000-0x00007FFAE1F96000-memory.dmp

Filesize
88KB

Download
memory/3440-269-0x00007FFAE1F50000-0x00007FFAE1F79000-memory.dmp

Filesize
164KB

Download
memory/3440-270-0x00007FFAE1F30000-0x00007FFAE1F42000-memory.dmp

Filesize
72KB

Download
memory/3440-272-0x00007FFAE1EF0000-0x00007FFAE1F01000-memory.dmp

Filesize
68KB

Download
memory/3440-271-0x00007FFAE1F10000-0x00007FFAE1F21000-memory.dmp

Filesize
68KB

Download