Analysis
-
max time kernel
120s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
13-01-2024 21:26
Static task
static1
Behavioral task
behavioral1
Sample
LastActivityView.chm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
LastActivityView.chm
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
LastActivityView.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
LastActivityView.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
LastActivityView.chm
-
Size
19KB
-
MD5
3cfa706aecbfabf73fe8270baa528577
-
SHA1
c70eea1ddfca236d041cf138a3813a04501500d7
-
SHA256
462d2d409228e8d93f3d285472901515728bd843efb0dcbc1e66e6764588a1e0
-
SHA512
3931321b37f3957a2c881cce32f079f3bd7bc7f502e54c39fe7d225ad2b1420ede0f003930e2ef455c0e49fb9de3fb1db0db95e6d7485a36a48927006df1183c
-
SSDEEP
384:0b4M3PJFPc6yLz6G6hZoLUnFKeVRIwT07rg1ygKcU:0b4cP/c6yLz6Gu2UFKeV1T0IMTc
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main hh.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2728 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2728 taskmgr.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe -
Suspicious use of SendNotifyMessage 36 IoCs
pid Process 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe 2728 taskmgr.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2224 hh.exe 2224 hh.exe
Processes
-
C:\Windows\hh.exe"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\LastActivityView.chm1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2224
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2728