e85b908ad137ab0eca8b3016a21c58f975328ca010cc25ac3ce3f143030a1eac | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 15:59

Sharing

Report Analysis Logs

General

Target

ArnDox.exe
Size

1001KB
MD5

64cd4303debd618da7d6e84bd1f6d7d7
SHA1

37272b72bb9c366f4596e504fdf364920253b980
SHA256

a13010909faccf75143181d33078aa51db0f150a329a599537ee31dd70b426c5
SHA512

6582d6e686224c0d47da997800487d14de00329c638687249885675276de78d3119e125dde90ca32c34757d6ae795c366862aa0a32aa26470cf66422eed943d0
SSDEEP

12288:jR0/cfOfBYGKEGbtq1eezqJyKzl8YzE4pDa1brr5eXEcuw+OJx:AcfmKEGbtOeJyQQ481bBR4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1308	ArnDox.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\H@tKeysH@@k.DLL	ArnDox.exe
File created	C:\Windows\SysWOW64\H@tKeysH@@k.DLL	ArnDox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1308	ArnDox.exe
1308	ArnDox.exe
1308	ArnDox.exe
1308	ArnDox.exe
1308	ArnDox.exe

C:\Users\Admin\AppData\Local\Temp\ArnDox.exe
"C:\Users\Admin\AppData\Local\Temp\ArnDox.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\H@tKeysH@@k.DLL

Filesize
20KB

MD5
116ec20265b00cfe389518e2a0c7ed81

SHA1
d04c903ef681bb18dbf337ffa7ff2a9ccc8bedd6

SHA256
ef9d09e51c42bc04d48444b2517471ea07f2d8a6a6a2e67dd635b7bf95bf8b7a

SHA512
594f32c4e51a87294bcfa1735254d04d5d43a38ad2ab7a39f7157bac75b959ee327053df79ee2993a8a2f4e9faafb5c8868283ae2bac8745cb916d5565171cef

Download Submit