6f856e8def398a19848dd7642e86a67eb6dccd1be63302abdf6a9715187191db

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f91615b8db0ce53bcf288a4d3358237.exe
Size

84KB
MD5

4f91615b8db0ce53bcf288a4d3358237
SHA1

e003f7b283535dbd421e75071b8b9a4f46aace47
SHA256

6f856e8def398a19848dd7642e86a67eb6dccd1be63302abdf6a9715187191db
SHA512

f943a28d37ca34236c2f5f53b65d59cd3c0fa5b3b9a26c00abda4567708b4886b3167c04b00a3b7191260e9fcb3d3941109c96bc65b8f8500678fad19a38dee6
SSDEEP

1536:4hLPpTFsdgfVTWoz4uSBrTEV8p9MtjeFAo:4NPpadCVTWoz4uWwBtyFAo

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2316	4f91615b8db0ce53bcf288a4d3358237.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mhs2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4f91615b8db0ce53bcf288a4d3358237.exe"	4f91615b8db0ce53bcf288a4d3358237.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2316	4f91615b8db0ce53bcf288a4d3358237.exe
2316	4f91615b8db0ce53bcf288a4d3358237.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2316	4f91615b8db0ce53bcf288a4d3358237.exe

C:\Users\Admin\AppData\Local\Temp\4f91615b8db0ce53bcf288a4d3358237.exe
"C:\Users\Admin\AppData\Local\Temp\4f91615b8db0ce53bcf288a4d3358237.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mhs2.dll

Filesize
44KB

MD5
ced383d363fd6ae89b29daec251e1ef9

SHA1
f7010c8ffcb470e43411acb82f10f7a157fde45e

SHA256
0044357ed10dc8083b80aa13af68e974856fe9d8853700a7649fb21b75690d17

SHA512
04f287f3625eb8dc906c24359224e505a6ace461acc2a956a81a71ef48d70d68399a68f464a254d3edb4ae68c909e1c8988c4bd87aaf3f0c6cb06d4c995ef5a7

Download Submit