Overview

overview

5

Static

static

5

OneKeyGhost.exe

windows10-2004-x64

3

OneKeyGhost.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    47s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-03-2024 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OneKeyGhost.exe

  • Size

    6.2MB

  • MD5

    5d07ecd2bbbe66344bc49c8492ed6cda

  • SHA1

    1542bf1e40a5c77640ac7b7e545fd78595642576

  • SHA256

    9ebe9a73fdcf512396f5d21efd3be78b569e8fb7fc95ad5506aa513ac50e905c

  • SHA512

    2092130f95130bdb85076b0c3e9b9806d5a4e03f59cce0a1bd345ed725dbe3f8e23c09db9289e9a0d7c05d450bd9314dd49670da1f8b1303f130919f31e05748

  • SSDEEP

    98304:NdnV1EWJNp+KOInAqAAyIaqARf16jtRKan1IttFjbg6KMHttsbqfbvyPC:jbXp+KO3qSIK8vKa1UjTXKa

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OneKeyGhost.exe
    "C:\Users\Admin\AppData\Local\Temp\OneKeyGhost.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://HanGulHwa.Tistory.Com
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://HanGulHwa.Tistory.Com
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2108
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4332
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\J7987DH6\hangulhwa.tistory[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\j7c4o4u\imagestore.dat
      Filesize

      4KB

      MD5

      c6bd45ff8200c3cb3b22cd9fa752cd6d

      SHA1

      2370bc5e93358caa80371890487ab2daadface73

      SHA256

      34d6e473e56c42e8051f4172ef7c8be43f495ead9526b3cb1764c41cb4bfa9b5

      SHA512

      3cd8f082eaa2cb9b40fa42d10515ca5ea3b5f3d1a69dab3a0df6793612de538952ce3cbc6d9343fe287c34c7a5d2fcf133b0648f04821c3b77b7a698d3ccdd6e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\font[1].css
      Filesize

      3KB

      MD5

      3b3cf804180bdddd0ecdfca0e39db4f7

      SHA1

      ef787e9d2b27c082cc4878fabfcb3d006e6e5da6

      SHA256

      3563b44ed2c879ca7159a585dae497782fa96aa8ded22200e6abc983426fff28

      SHA512

      00dd66612d25d76ad1d6b89d25657828bae42dec94233c7a5e7f47138a412ac1437f45c8715c72fc23a201d70b7ca095e06527e8c599f25d5daba2862046f373

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\jquery-3.5.1.min[1].js
      Filesize

      87KB

      MD5

      dc5e7f18c8d36ac1d3d4753a87c98d0a

      SHA1

      c8e1c8b386dc5b7a9184c763c88d19a346eb3342

      SHA256

      f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

      SHA512

      6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\lightbox-v2.10.0.min[1].js
      Filesize

      9KB

      MD5

      2060226627b30fece1b8afafa6fdc860

      SHA1

      304017a14035d7be5c2e742bd4418f723c78a197

      SHA256

      ead2ac6c9ebecb8129dcdc6acc336dda0c85ba97f2b7a8625baa9c43115e5158

      SHA512

      8a101ed99c93e1a9f2972389d3eaf00ca90cac45f8ee1861bd4f35cc1b2f935ebb35c269ca6c2445eb4e22d876079c8bf8451445e2c06c6c841a058ea27e2a5c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\script[1].js
      Filesize

      9KB

      MD5

      7dd6d5da8ee54162d4577d2b085abb4f

      SHA1

      2f1528cabcdf835e1ab7721603080ab1abaa65df

      SHA256

      0861cae12d950e56a44f48576f204c03c229849c454434387f6a378fa7924ef3

      SHA512

      4efcad049f01258a6a4e0529e6866339f752f8c4557c86d9aa0c8837f5e732caf146c038c9cb6ce3f3e5c7bbdebb38c6e7cb505971644e3bfe281feb02b2d4d2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\NotoSansCJKkr-DemiLight[1].woff
      Filesize

      264KB

      MD5

      8eec484903a217011d08c9c96367492a

      SHA1

      641eebc779554f6c9d024cc9d747316b02572bf7

      SHA256

      b21ddadf4b265e5c9a3456af74ac2f7669890e5f38defadba14f3c5f29070da5

      SHA512

      0f03deebb99b2505185f6e6e4ea217ab1b63b43351d11f4b17c3429e60e4f3de5f13cd5e7f65818ee68b4942fb990aec02103e955a02a09e3dfd6ac1968e531a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\lightbox.min[1].css
      Filesize

      2KB

      MD5

      767938d77eef356b1ba76c3897384948

      SHA1

      27f77d2a57bee715732b0fe219baa62768544a90

      SHA256

      6ae3e827093ff912ba2929226fdd8392ad58e6112466f2adbd2c2e72cd794a48

      SHA512

      1087b2cfc8f28052eeaf3e1104982d6f6c41711eee196b3a1abeaaca03e8c06d77bd895821a967e45c87f8337e75ade3c0fb5bdc3abea4b03dc9347eb81dc562

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\style[1].css
      Filesize

      8KB

      MD5

      8118220054fa3b68492357866e7ba356

      SHA1

      d9359282f6462d03601ee9b6ca50e7eb28cb4792

      SHA256

      cb565be254fe7f3ed2136fc96b396c91da40fd6204ffc1a44c3b95cf6a72e794

      SHA512

      19149354e6567bcb0b16b0ebf16a964529430b97d4bb73bb8158468ced71d9989bf472d100e2bacfeb4aa184186f27030251df9246512bf0eac2072a98e032e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\style[2].css
      Filesize

      883B

      MD5

      03f0955105b1fa82e1690ecd0242dbd3

      SHA1

      7ef140eb79b4ac95bb0daa5022e0169c90696179

      SHA256

      f376f4cf8128bf4865e497b9d23d1b90782ddde262dd6de0f7f0c5fc2a9090c8

      SHA512

      a2530c64f1d23178c84b11aef17a18f697aafca55398df3e0dd4a2986d38352539a88b5298ae7b73076a52e89d94f69e8a6553973a2744187701ea4d4c4d456c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\tiara.min[1].js
      Filesize

      20KB

      MD5

      c54c0619ec406c88e6a97cc666939cd8

      SHA1

      1a3d9341c21c787a972521f68da7c3d78d078f42

      SHA256

      e0040fd579ea59d92a07dd4d74630e47a4de99be335976cd84bc435d3bdd8324

      SHA512

      9f265907ed8337d60a299c14889b88504cd8edbd308f6106898a8cc6eef394088350affc6b4c426f3b8de922728ecb250132afce4917d8bd2d3918c331bdd6b3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\tistory_favicon_32x32[1].ico
      Filesize

      4KB

      MD5

      bdbdc5b21dc1a6bf5b26479014363ec7

      SHA1

      10630737f9f5f44c6389ed65a3efda9bd0e8e23b

      SHA256

      c4ee389532afe468933301fd78d593299e531c6a0b0a7c0314b4257db3f3dc38

      SHA512

      1d1ff1ff165b6a4d6dd59c1e6f2fdbc61d498c10755103499dcd722c93aa2f598a4f6f13dd8531d1e414297d4d7eb953ab2acf293244b0918913dce745da2ab3

      Download Submit