7cedcafff2b1816fc75c88d637146528e30b394df3cfe88422ac262501ccf9f6

Analysis

max time kernel
141s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

teknohelper.exe
Size

510KB
MD5

4339795008360bf76f0e7bb321878389
SHA1

8863602dc9020bce3a6b21bf85a59dc31d6ab89f
SHA256

29e210e1f6a7f90fb72b0ccb423ca3d0340623cf03a1a10e539d16c4cd74ec69
SHA512

c6cd660b6e7a0b887400fda79f6ade88fa92cd966bd7b793d34fb18b1c2b998ba7c70f4462bc8812b95a75d3e7922f98256face31f89e41a132b1603b3446964
SSDEEP

12288:1vhSyILJ5bnwuLL9nNdn9Ry7glTugHQu5qt1Q3Lq5KXk2jqRay0:JgyILJNndX9n3LJUgFoKcRay0

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral3/memory/2020-52-0x0000000000400000-0x00000000004B2000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	teknohelper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2020	teknohelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2020	teknohelper.exe
2020	teknohelper.exe

C:\Users\Admin\AppData\Local\Temp\teknohelper.exe
"C:\Users\Admin\AppData\Local\Temp\teknohelper.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\disable.gif

Filesize
95B

MD5
17ed44fbb41d2582e5fdce0cf8f6f5c8

SHA1
ef2e3d9a288279bf8f9aa8a90632c36e03cf0dd4

SHA256
94d67732be172a0f16383fe05b711419adaf847873f0a8786262d42a4eb65b32

SHA512
865e5f71b517c79f196b4b90d6208120ae62c092a14eb4e4bbb508db4c9f73b191ed29e967658c26ac81902890188f2ea921a7baa43fac89e46cf5b893287ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\logox.gif

Filesize
28KB

MD5
0e9addb0fb4415daaf68cfb63377bde9

SHA1
d25e042177906c8c9800f206bea3e3af8be7701d

SHA256
fa64a812e738a1d69946fac117cd94cd34a0ae57d396fccbc849f3a87ace184d

SHA512
875a3f42ad4e6845506f5ffafef8848ea369ec07af1b4da7329269a6a488097e26f380a4fb2f75da67adbbcca5a1019ed7195f04e6980138f1761fd62cc0c4a5

Download Submit
memory/2020-0-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2020-1-0x0000000000130000-0x0000000000133000-memory.dmp

Filesize
12KB

Download
memory/2020-52-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2020-54-0x0000000000130000-0x0000000000133000-memory.dmp

Filesize
12KB

Download