dbf3490648efe876bd9a98d53e4d9110bf5e02a3914c0dd4b2a48db4a09799b5

Analysis

max time kernel
107s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_1.1.37.01_setup.exe
Size

3.2MB
MD5

cc2ac8fb9dba7dae570e52f12bf6fbcf
SHA1

34e6cf45bd0f84ccf37092594734a803ec8a837a
SHA256

dbf3490648efe876bd9a98d53e4d9110bf5e02a3914c0dd4b2a48db4a09799b5
SHA512

5fc75ae915ce44a69411c81c9b852475acc6a954fd20d3a2f4850dda7b938e921b8a9ebd79ac3987c2a6c7ec9969b5905c73ecc5341e243ce451d625c9bb2626
SSDEEP

49152:C36KvUPsKJeKbkja1ldZuuHZllQLvdfjab8PkDKwunf0015lxxv+T4:CTvqsKJeKbkj4uQrlQBULKwMp15H1+c

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	setup.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2004	setup.exe
2004	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2004	1208	AutoHotkey_1.1.37.01_setup.exe	88
PID 1208 wrote to memory of 2004	1208	AutoHotkey_1.1.37.01_setup.exe	88
PID 1208 wrote to memory of 2004	1208	AutoHotkey_1.1.37.01_setup.exe	88

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.01_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.01_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Users\Admin\AppData\Local\Temp\7z870304B8\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z870304B8\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of SetWindowsHookEx
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z870304B8\setup.exe

Filesize
872KB

MD5
c77b957120b4c7b305558aaa420d8506

SHA1
7d1481e6166a8f7fc418bff959c3a358acbc9f12

SHA256
6514485e9132535b7a07e7ed1e0dc0aa0afb50ac8b84b8e1d027e2be97cd4434

SHA512
61a5f44587831ee679898065f36042494de097475aaf64a44a0421cc68c10d03f63a485ec3142405a9424a70468694b2908f320e758bb18e1f8cf82e9079e400

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z870304B8\setup.exe

Filesize
872KB

MD5
c77b957120b4c7b305558aaa420d8506

SHA1
7d1481e6166a8f7fc418bff959c3a358acbc9f12

SHA256
6514485e9132535b7a07e7ed1e0dc0aa0afb50ac8b84b8e1d027e2be97cd4434

SHA512
61a5f44587831ee679898065f36042494de097475aaf64a44a0421cc68c10d03f63a485ec3142405a9424a70468694b2908f320e758bb18e1f8cf82e9079e400

Download Submit
memory/2004-47-0x0000000000BF0000-0x0000000000CF0000-memory.dmp

Filesize
1024KB

Download
memory/2004-48-0x0000000000BF0000-0x0000000000CF0000-memory.dmp

Filesize
1024KB

Download