Analysis

  • max time kernel
    1800s
  • max time network
    1169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-11-2023 02:25

General

  • Target

    processhacker-2.39-bin.zip

  • Size

    3.2MB

  • MD5

    b444cf14642ce9b8d75e079166a5df0b

  • SHA1

    8e8f8423d163d922242b8b7d85427664f77edc97

  • SHA256

    2afb5303e191dde688c5626c3ee545e32e52f09da3b35b20f5e0d29a418432f5

  • SHA512

    915b9f7c0b1374ce52fa9653ba1084741d15ff79dbb7c04d2a0f41eea8262b2f556d451bf9eefbd2d32831289908b6a1b39ce2cbcafbbfc4ae6e71d701b1aa81

  • SSDEEP

    98304:jDqt5TrOmlLB/7rTOqcXfOzJR1qioDLK2EbhQ:3sTrHlB73OqX4ioDfshQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments. A process and system monitor such as Process Hacker also reads it legitimately to display CPU details, so on its own this signature is a weak indicator, consistent with the 1/10 score.

  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: LoadsDriver (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (10 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
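The registry read behind the "Checks processor information in registry" signature, as an added example that is not part of the report and not Process Hacker's code. The Windows-only reader queries the real HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 values (ProcessorNameString, ~MHz, subkey count); the decision heuristic is separated into a pure function so it can be exercised offline. The marker list and thresholds are assumptions chosen for illustration, not what any particular sample uses.

```python
"""Added example (not from the sandbox report or Process Hacker): the registry
read behind the "Checks processor information in registry" signature, with the
sandbox heuristic kept as a pure function that can be tested off Windows."""
import platform
from dataclasses import dataclass

# HKLM key Windows populates with CPU details; read here on Windows only.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"


@dataclass
class CpuInfo:
    name: str         # ProcessorNameString
    mhz: int          # ~MHz
    core_count: int   # number of CentralProcessor\N subkeys (logical CPUs)


# Constructed watchlist for illustration: substrings that tend to appear in
# the CPU name string of virtual machines. Real evasion code varies.
SUSPECT_MARKERS = ("virtual", "qemu", "kvm", "xen", "vmware", "virtualbox")


def read_cpu_info_from_registry() -> CpuInfo:
    """Windows-only: the same read the signature flags. Raises elsewhere."""
    if platform.system() != "Windows":
        raise OSError("CentralProcessor key only exists on Windows")
    import winreg  # stdlib module, present on Windows builds of CPython
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as k:
        name, _ = winreg.QueryValueEx(k, "ProcessorNameString")
        mhz, _ = winreg.QueryValueEx(k, "~MHz")
    parent = CPU_KEY.rsplit("\\", 1)[0]
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, parent) as p:
        cores = winreg.QueryInfoKey(p)[0]  # subkey count = logical CPUs
    return CpuInfo(name=str(name).strip(), mhz=int(mhz), core_count=cores)


def sandbox_indicators(info: CpuInfo) -> list[str]:
    """Pure heuristic: the reasons a sample might conclude it is sandboxed.
    An empty list means nothing in the CPU data looked like a VM/sandbox."""
    reasons = []
    lowered = info.name.lower()
    for marker in SUSPECT_MARKERS:
        if marker in lowered:
            reasons.append(f"cpu name contains {marker!r}")
    if info.core_count < 2:
        reasons.append("fewer than 2 logical CPUs")
    if info.mhz < 1000:  # assumed threshold; many VMs report a real clock
        reasons.append("implausibly low ~MHz")
    return reasons


if __name__ == "__main__":
    try:
        info = read_cpu_info_from_registry()
    except OSError as e:
        print(f"skipping live read: {e}")
    else:
        print(info, sandbox_indicators(info) or "no sandbox indicators")
```

On a detection host the useful counterpart is the registry read itself: a non-system process opening CentralProcessor\0 shortly after start is the observable the sandbox signature is built on, and a monitor like Process Hacker will trigger it by design.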

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\processhacker-2.39-bin.zip
    1⤵
    PID:2660
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
    1⤵
    PID:3004
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4048
  • C:\Users\Admin\Desktop\x64\ProcessHacker.exe
    "C:\Users\Admin\Desktop\x64\ProcessHacker.exe"
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1404
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
    1⤵
    PID:952
  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb edit "C:\odt\config.xml"
    1⤵
    PID:2648
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
    PID:1752
  • C:\Windows\System32\NOTEPAD.EXE
    "C:\Windows\System32\NOTEPAD.EXE" C:\Program Files\SearchPop.bat
    1⤵
    PID:2520

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2648-24-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp

    Filesize

    2.0MB

  • memory/2648-23-0x00007FFC6CCB0000-0x00007FFC6CCC0000-memory.dmp

    Filesize

    64KB

  • memory/2648-25-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp

    Filesize

    2.0MB

  • memory/2648-26-0x00007FFCAA8B0000-0x00007FFCAAB79000-memory.dmp

    Filesize

    2.8MB

  • memory/2648-27-0x00007FFC6CCB0000-0x00007FFC6CCC0000-memory.dmp

    Filesize

    64KB

  • memory/2648-28-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp

    Filesize

    2.0MB
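A parser for the dump names listed above, as an added example that is not part of the report. The name format is read as memory/PID-INDEX-0xSTART-0xEND-memory.dmp, which is an assumption based on the six entries; the code derives each region's size from its address range, checks it against the listed Filesize, and counts distinct regions, which shows that the six dumps of PID 2648 (MSOXMLED.EXE in the process list) cover only three distinct address ranges.

```python
"""Added example (not part of the sandbox report): parse memory-dump names
from the Downloads list and cross-check the listed sizes against the
address ranges encoded in the names."""
import re
from dataclasses import dataclass

# Assumed layout of the dump name: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Parse one dump file name; reject anything that is not a valid range."""
    m = DUMP_RE.fullmatch(name.strip())
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    region = DumpRegion(int(m["pid"]), int(m["idx"]),
                        int(m["start"], 16), int(m["end"], 16))
    if region.end <= region.start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return region


def human_size(n: int) -> str:
    """Render bytes the way the report does: one decimal in MB, whole KB below 1 MB."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // (1 << 10)}KB"


def check_listing(listing: list[tuple[str, str]]) -> list[tuple[DumpRegion, str, bool]]:
    """For each (name, listed_size) pair return the parsed region, the size
    derived from its address range, and whether that agrees with the listing."""
    results = []
    for name, listed in listing:
        region = parse_dump_name(name)
        derived = human_size(region.size)
        results.append((region, derived, derived == listed))
    return results


def distinct_regions(listing: list[tuple[str, str]]) -> set[tuple[int, int]]:
    """Distinct (start, end) ranges across all dumps; repeats mean the same
    mapping was dumped more than once during the run."""
    return {(r.start, r.end) for r, _, _ in check_listing(listing)}


# The six Downloads entries from the report, transcribed as sample input.
REPORT_DUMPS = [
    ("memory/2648-24-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp", "2.0MB"),
    ("memory/2648-23-0x00007FFC6CCB0000-0x00007FFC6CCC0000-memory.dmp", "64KB"),
    ("memory/2648-25-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp", "2.0MB"),
    ("memory/2648-26-0x00007FFCAA8B0000-0x00007FFCAAB79000-memory.dmp", "2.8MB"),
    ("memory/2648-27-0x00007FFC6CCB0000-0x00007FFC6CCC0000-memory.dmp", "64KB"),
    ("memory/2648-28-0x00007FFCACC30000-0x00007FFCACE25000-memory.dmp", "2.0MB"),
]

if __name__ == "__main__":
    for region, derived, ok in check_listing(REPORT_DUMPS):
        status = "ok" if ok else "MISMATCH"
        print(f"pid={region.pid} #{region.index} "
              f"{region.start:#x}-{region.end:#x} {derived} {status}")
    print(f"{len(distinct_regions(REPORT_DUMPS))} distinct regions")
```

The size cross-check is a cheap sanity test when triaging a report by hand: a listed size that does not match the range in the name usually means a truncated dump or a mis-copied entry, and a handful of repeated ranges tells you the sandbox re-dumped the same mapping rather than finding new ones.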