Overview

overview

7

Static

static

3

Tools/Colo...rs.exe

windows7-x64

1

Tools/Colo...rs.exe

windows10-2004-x64

1

Tools/FSCa...re.exe

windows7-x64

3

Tools/FSCa...re.exe

windows10-2004-x64

3

Tools/FSCa...lp.chm

windows7-x64

1

Tools/FSCa...lp.chm

windows10-2004-x64

1

Tools/FSCa...ir.exe

windows7-x64

1

Tools/FSCa...ir.exe

windows10-2004-x64

1

Tools/FSCa...us.exe

windows7-x64

1

Tools/FSCa...us.exe

windows10-2004-x64

1

Tools/FSCa...er.exe

windows7-x64

3

Tools/FSCa...er.exe

windows10-2004-x64

3

Tools/Hotk...yP.exe

windows7-x64

6

Tools/Hotk...yP.exe

windows10-2004-x64

6

Tools/Hotk...lp.chm

windows7-x64

1

Tools/Hotk...lp.chm

windows10-2004-x64

1

Tools/Hotk...ok.dll

windows7-x64

3

Tools/Hotk...ok.dll

windows10-2004-x64

1

Tools/Hotk...64.dll

windows7-x64

1

Tools/Hotk...64.dll

windows10-2004-x64

1

Tools/Hotk...64.exe

windows7-x64

1

Tools/Hotk...64.exe

windows10-2004-x64

1

Tools/HotkeyP/spy.exe

windows7-x64

1

Tools/HotkeyP/spy.exe

windows10-2004-x64

1

Tools/Mous...nc.exe

windows7-x64

3

Tools/Mous...nc.exe

windows10-2004-x64

3

Tools/Note...d2.bat

windows7-x64

3

Tools/Note...d2.bat

windows10-2004-x64

7

Tools/Note...d2.exe

windows7-x64

1

Tools/Note...d2.exe

windows10-2004-x64

1

Tools/ScreenToGif.exe

windows7-x64

1

Tools/ScreenToGif.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2023, 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tools/HotkeyP/HotkeyP.exe

  • Size

    344KB

  • MD5

    77ae2171da77ea05d1cbc96a83f1e64c

  • SHA1

    29ff22fc2ec46e1011ce262a4c3f5446c3b7ffa7

  • SHA256

    3cf992880584b44f8d61a1fa9d846c8a1ef10cd5c4b66a8cd5a75c8624d27794

  • SHA512

    f3bf93007be0e7818be746026e47c6a225a45b02d044fae765c81a11268c5d0e0cb4451bb067a35da15a57294108a1f3abf3caadffd505ddddb27b2116572a0a

  • SSDEEP

    6144:j7Chjf2kV+HpCf63AmvIgJTKViMCTV1ZR0qHRciK24XjcUI:sTbV+HpCCwNg4iMWkTk

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tools\HotkeyP\HotkeyP.exe
    "C:\Users\Admin\AppData\Local\Temp\Tools\HotkeyP\HotkeyP.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads