045cd5de254bccdef47685d5669ac04556669b4eca54a751a9ae853ea15f05fb

Analysis

max time kernel
57s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_2.0.2_setup.exe
Size

2.8MB
MD5

7ce7d260acfddf2dbc0286c1493560b2
SHA1

882b4d50de925a5411b83b47a1dbbd478490131c
SHA256

9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8
SHA512

66ec91c9ee568342410e2b84b475b60190dcb31a8bb11b9999c81eefc43418b91dfb5822649d43c4376dbd8d804b3693d05decd30fb0035e190953d445035fcf
SSDEEP

49152:F5eZSM1m5dOO/VtzVrwHUR0QpGrfkrQdYhCl/EllK8g3pOkTQ26:YA9V9NHFpIfyQdzVK48AOkTQD

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3532-0-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/3532-1-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/2708-2-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/3532-50-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/2708-190-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/2708-194-0x0000000000400000-0x000000000092B000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

AutoHotkey_2.0.2_setup.exe

description	ioc	process
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\license.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\config.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\WindowSpy.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-version.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\config.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\README.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\license.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-uninstall.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\identify.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\spy.ico	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify_regex.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-newscript.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\HashFile.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\launcher-common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\spy.ico	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-ahk2exe.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install-version.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-launcherconfig.ahk	AutoHotkey_2.0.2_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-dash.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey.chm	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-editor.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\install.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\identify.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-newscript.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-setup.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\launcher.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reset-assoc.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-dash.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk	AutoHotkey_2.0.2_setup.exe
File opened for modification	C:\Program Files\AutoHotkey\v2\RCX2594.tmp	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\WindowSpy.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey.chm	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reload-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\ui-editor.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\EnableUIAccess.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\reload-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\launcher.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\install.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\ui-setup.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\reset-assoc.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\README.txt	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\inc\ShellRun.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\UX\Templates\Minimal for v2.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk	AutoHotkey_2.0.2_setup.exe
File created	C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk	AutoHotkey_2.0.2_setup.exe

Modifies registry class 49 IoCs

Processes:

AutoHotkey_2.0.2_setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\PersistentHandler\ = "{5e941d80-bf96-11cd-b579-08002b30bfeb}"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ProgrammaticAccessOnly	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\ = "Edit script"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-editor.ahk\" \"%1\""	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /Launch \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\ = "AutoHotkey Script"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\ = "Open runas UIAccess Edit"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\DefaultIcon	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\ = "Run with UI access"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" /runwith UIA \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Open	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\FriendlyAppName = "AutoHotkey Launcher"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\ = "Launch"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Launch	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\ = "Run script"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\PersistentHandler	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\Edit	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ahk\ShellNew	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ShellNew\Command = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\ui-newscript.ahk\" \"%1\""	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\DefaultIcon\ = "C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe,1"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\AppUserModelID = "AutoHotkey.AutoHotkey"	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command\ = "\"C:\\Program Files\\AutoHotkey\\UX\\AutoHotkeyUX.exe\" \"C:\\Program Files\\AutoHotkey\\UX\\launcher.ahk\" \"%1\" %*"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\HasLUAShield	AutoHotkey_2.0.2_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ahk\ = "AutoHotkeyScript"	AutoHotkey_2.0.2_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AutoHotkeyScript\Shell\RunAs\Command	AutoHotkey_2.0.2_setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

AutoHotkey_2.0.2_setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF54DEE6076F85971AE9DAB4C7FFE095F9EC8DD9	AutoHotkey_2.0.2_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF54DEE6076F85971AE9DAB4C7FFE095F9EC8DD9\Blob = 030000000100000014000000ef54dee6076f85971ae9dab4c7ffe095f9ec8dd90200000001000000840000001c0000003400000001000000000000000000000000000000020000004100750074006f0048006f0074006b0065007900000000004d006900630072006f0073006f006600740020005300740072006f006e0067002000430072007900700074006f0067007200610070006800690063002000500072006f007600690064006500720000002000000001000000b1010000308201ad30820116a00302010202105535f4daa2aace8c40d5e2bb3b6b2431300d06092a864886f70d01010505003015311330110603550403130a4175746f486f746b6579301e170d3234303531313130333031385a170d3334303531313130333031385a3015311330110603550403130a4175746f486f746b657930819f300d06092a864886f70d010101050003818d0030818902818100e62b7525ed9f01dec9f5968fc88da992166a16dd4eb585a26f2cfa4528c1eb282e705dc4beebbcc33c711389f3d5a8c92782cdf4e81b26ba3a5055f20ba176519005502ca3956168a8f962d451ad5dae490ba65b84eb9c43397132b7c6a31cd2e087a734083a52a51f50080a3c133b7b4f6ad9ff41e5dddcb1b4ad4af8ac9eb50203010001300d06092a864886f70d010105050003818100bba30f34d19ab7c7eb18a854b831c282a4f914bd3b2c79daa53775b4000714f26ba383aebcf5c68ca6d921c8c186ff34264f039764073b2a31ea54a673c04c4ed26c29d0adb4468e4dad4f83c0e25ecb76cad173d6ae39c4c79957ec22464b7e3c1daec5f7be8a5a3453b4aeac5332e4afd08b681cb597cfc51ac9b22cfe97ea	AutoHotkey_2.0.2_setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AutoHotkey_2.0.2_setup.exe

pid process

3532 AutoHotkey_2.0.2_setup.exe

pid	process
3532	AutoHotkey_2.0.2_setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

AutoHotkey_2.0.2_setup.exe

description	pid	process	target process
PID 3532 wrote to memory of 2708	3532	AutoHotkey_2.0.2_setup.exe	AutoHotkey_2.0.2_setup.exe
PID 3532 wrote to memory of 2708	3532	AutoHotkey_2.0.2_setup.exe	AutoHotkey_2.0.2_setup.exe
PID 3532 wrote to memory of 2708	3532	AutoHotkey_2.0.2_setup.exe	AutoHotkey_2.0.2_setup.exe

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:3532

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe" /to "C:\Program Files\AutoHotkey"
2⤵
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.2_setup.exe\AutoHotkey32.exe
Filesize
955KB

MD5
756e244fdf729022c26f2de05c4a7249

SHA1
e0f8658e1e0e8b0f39809a45d8f6db14af707dae

SHA256
528ac75827d90533ff0ce9da73ba20a67161ff391c239d1f5eda4c17dc5b6978

SHA512
80a818775c8f01ac9968c157d7f6773fa34d3064e86aa8109a05f19a8da8ebf8dfb112cda12bfe3bb8648f063c64b99389ef049c19e6b96f77e01241eba56724

Download Submit
C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk
Filesize
93B

MD5
cdc8756680c459bd511d2bd2895fe2b2

SHA1
a7ea57fd628cfe2f664f2647510c6a412c520dfb

SHA256
7f618d3ca343a0739a52a4a3c4f5b963ed98dc077b60c65fdc77d70fb0ec12d3

SHA512
101722eb5bba352d557e7d70704e24a54a129276857e8cc13f40da26dfa9267a67de79e52a0f552ff676d1825d0fb2eb467837b397d2e6905fa90d6891bccd45

Download Submit
C:\Program Files\AutoHotkey\UX\WindowSpy.ahk
Filesize
7KB

MD5
765cc539c9eb2b35b5e2784eb8b68695

SHA1
974550dc0fa38a188632f352480d9238be35fc60

SHA256
5915dca20f564240b4e7952bd82abc3fa87561d556b991cf4160dd8fb260a2bf

SHA512
0b2338ff21f5d9219e1c49d33f16d2923e65ff8bdd8b52b65e07f2d45501e072359cc08d903bcb5258bc758e087d073ac8a19c5e98328b737332b8389a4c8701

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk
Filesize
352B

MD5
e8d9a7e78d6a2a40bfb532b4812bde59

SHA1
5674b63092a69c419a42bab9e7462bde3bdb3cad

SHA256
a6c51e2188e31e3510577263d7b96db147b0df3dfa24c96df8fdd9d73da859ee

SHA512
dd7d78c7724dca4684c732b0f3f8e73af67610de8945255b48b9301672ac0b4f405c802a8cd4c343d53266f492d2d0dcd2727b5ebdb9e90cfc9173876b9ab905

Download Submit
C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk
Filesize
1KB

MD5
2ffbde65b63790c5aa12996e9ef9068c

SHA1
a793986e4e72d5b5a866e927855eacc3a0399a7a

SHA256
40a6f0cda5fd1dff324cab288bb453aa60b41b09dacbfbc64f2d871423f33935

SHA512
315b2803c8e803b238e87de63a5737350e41d248f67c54662341ca889c3bd5fc6fc2f516ca20f1ff4d74fca4af247b64ec7795d4c4e8990fffce49bbf037a906

Download Submit
C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk
Filesize
8KB

MD5
a3e0ea84c0e5d1cc8681ddb3740ea3e5

SHA1
bcb0e44c9bfa6d16d381bed7f17f959a9423d39c

SHA256
080a03ab1bd80607297cddd34b26decaa92a91f45a43798a3f485d8d771e3c0f

SHA512
74c80a5903a556b74f936a91697a8b5f92e449c6530dfdb0b966e880db9a2d8d0d5099c52e08d0cdbddd4043b8611d11c9162d59dd6a6a59250f7827dd66a4a4

Download Submit
C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk
Filesize
844B

MD5
1a8ab9bb38fd0da51d03dc48e3a0b2ea

SHA1
5c74ddd45c91a39b921139881c76c48c97e35825

SHA256
48a3f822a720b8e9b41165a1d19d56411d1f58036338ebd07ab40f2a14cf0f1b

SHA512
1b88603fb9eb28e717cb77623ff0159f5f45e677c34316dc0c5d5c2ed46c59f10d3afb532b1f99920f91b8098e544873f944b1e0e575efd694dd24bdca22c14e

Download Submit
C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk
Filesize
2KB

MD5
727ae6f2ec77a5b56774df9da14636d2

SHA1
8216a2122c825127ca59b05b0bae0d57e92f1110

SHA256
84032ecac8ed334cf8788a81bea721b0af5cd7ca7dca57b60cdec3556ae33914

SHA512
f1058216b5d1b8d590eb4cafd5139f71f8df5f96a3fcc314a7635cb1b99de8623d87c57c567868ebdafb09925b8d13fdadcee49fa89f1a239725a92b948272cc

Download Submit
C:\Program Files\AutoHotkey\UX\inc\README.txt
Filesize
182B

MD5
4b095aae00456aa248024a184671e4d5

SHA1
84ae516fbc62ce0aa10ffeacd7ba865a35a0a375

SHA256
d65c6e73417e6bba7a619f2e68933b74e6ae6141277b65542aed9b6acdfc83ff

SHA512
77aabe92719d8fc7a28c76f3b76fa2e42a188db14f004262d8e913620aa990cde29119b82d919511fc0d828ca0a108ea79858ba158b6a8ed6a260b72b4ee229d

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk
Filesize
420B

MD5
9e53fca8c7f6a9ee179f0fc0a7890ea3

SHA1
dc2a1bf437eea36b3f5ba9318f3b391b405d5cb2

SHA256
ea67340c555fdc1abf8e324ac550ac37d2ba5f96a8edef120e72fb340f8f95c0

SHA512
cad5c07f952fb93413b4a3990c522ba4b446ae41f11c8dd323bdcde1b30fbfd76515606d5dc4bcb8768bd382cdb82553801539a192b002696d253341f3c0dbc5

Download Submit
C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk
Filesize
142B

MD5
165b8fc572f943e3665994f87f1772b7

SHA1
265ca3d2a66a7e1807962eb7e8a444cefb61bc0c

SHA256
9b75c7f804d1d55807459e6f06db2bee8e1fb60ce9c9340d44a7b491ce53b982

SHA512
e675453eef9a10560cb9ea95e993d8068c8dfca3664a140b6ba33361d0736632b8ce3a37770411583f558476173294bcc12b83bf33190d89eb009bfb9bb5f0af

Download Submit
C:\Program Files\AutoHotkey\UX\inc\common.ahk
Filesize
688B

MD5
dac79ad5a978f0497de70a005b6a6084

SHA1
db100ce15998772fe322679468f46b0f25239eb4

SHA256
dbc1420c9368e954176cd1bc38c0bf5498d721cb7dee50b5abef51611a33c658

SHA512
9f2a2c0e01724ef82860cfb97fbe6196d29b3b41080f04b3f51653f2f535849428b0a245bc954aa57569aa660d5a5a20d2d1e0dbb9081d718bf2deddb051f47c

Download Submit
C:\Program Files\AutoHotkey\UX\inc\config.ahk
Filesize
429B

MD5
248b58535f55eb55d9baec04a384b5e6

SHA1
76d067318b67da9a3da71a232a887c8935c7068f

SHA256
4d1f241a0c973e30f1bf19e71cadb386b872a14bf0c29d32d4781a56cafd998a

SHA512
0186eb49da706c6cc6f48ecd94a4996c258ecea10bed26b9c79bddf0f7eca32df1449166309237859ca2508427bf79d447a2202eaeba211228da9822646cf23a

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify.ahk
Filesize
994B

MD5
c4f4b01aac51b0d52243a3c6b508273f

SHA1
5c82eb24a0b64e157c5ad93c704a392998f061c6

SHA256
e118c75f277ae34fbc70a51abdb1dae024df01d4acbe4210c39c1c03857de57f

SHA512
7f4bc8f36d58f079e8a8bd0ab8b9c2ee9995034ff3b652ebe939f8c3e9f20b6488bb641c956c941f0baa75cdaaa32e6aa1cd0c38f0bd760e6496a4beb5b80a74

Download Submit
C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk
Filesize
3KB

MD5
56b3cbe632d3bc9eca60cc289e9f99fb

SHA1
4226d0206445284efbf85865853ea80ca4672ff6

SHA256
b8464a27f37c3ae0753d16be5b6114c272b767e42b56b7e8ba06c6284cb4fc8f

SHA512
5cf62bf2410a575d6ebc601d0bd98602da1599f09b553bad56df5e8aea8d42030bb4d7f553bcc5fae9d460848ac6f84ffcf5e70bd0728df849084ed32bb7ce03

Download Submit
C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk
Filesize
2KB

MD5
696750c1861231d07ff4548ad4360dc8

SHA1
eb4b90b17aadf7b1ccdc484840b5500494c4a787

SHA256
f7d5ac8d1cfc77685cdcdbe89abb8ac0a89f5b6eec1ac1385069b72a05d05315

SHA512
5745b58987555c797f90efd65bb9e02e3a9139b934e27b287816be79a988f04eef6dd8b8af43c30f5f4bc5360ca7a3e42a21734915277cf3a18a91ea39ac3636

Download Submit
C:\Program Files\AutoHotkey\UX\inc\spy.ico
Filesize
4KB

MD5
eeecd8af162d3f318496e0e60d6d8c57

SHA1
31a99c80e4f1033914ce9344e95b84571f76ad2d

SHA256
968473df8eac7264d9e84e6ae91a4d706cda9f89f345d182617b161ef4fe1a7b

SHA512
6f55968adf7f2f02e128945016ed0c4d003c9640e4cbfc7b22b82374647e6ebdb07c02e99240da369789f4107d2c130e54d4acb1324455fd26668c4d1d009884

Download Submit
C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk
Filesize
4KB

MD5
f4251e653dbbbdd8cf4640bd9855c207

SHA1
d08b6e5796150aa1436fd3da39bfc5fdbaaee297

SHA256
deffd87d99ff125eccac2331a8ba4e3a0044e150e80316e9469dd57f322beda1

SHA512
86896ccb0acbd27eeefe6e02747958cafcca31541638435dfe9f08d89b763144f6b5fb521df11dce4c3f46b186de4905f56ebcc7c57d4c29ef2a0731a6492698

Download Submit
C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk
Filesize
1KB

MD5
c90bed0679b789b74e4865ae6f2709a3

SHA1
b0dbee6a237ba93daec76a0553cd3254821d60a1

SHA256
c242ebb51241acab13152d95cdb05be5382ffb97f3dca2da3a4e5a084c2e3ff4

SHA512
f8dfe5c558b427e05905b2a3d8a09632347edf945d47ed4fc82ec38a9045f5837a798ef669f0fdae6504d9eee6762c49c8e6c32adac0f6a3e6c2eed6d48e64b2

Download Submit
C:\Program Files\AutoHotkey\UX\install-version.ahk
Filesize
4KB

MD5
6f86c34ca7092ae85acc35f6cdd9b584

SHA1
90f3f211e2280b33f28bb962537d6b1470f67a95

SHA256
18639f9d4d61520bc76b7e72d749114f165970705a0419a9b10cb658dde8aab0

SHA512
7f7c86ae891d827870daf12d0c9dec97e1cd1ee28d9d583349fd1fda31ec6399ca52ee0bcdbb59badd951ca263685648aa31932102ec302054fec0be18bbd30d

Download Submit
C:\Program Files\AutoHotkey\UX\install.ahk
Filesize
38KB

MD5
c7fe49395bde333ec9f4e16cd81fc748

SHA1
5e5b5be21e1d70fc0dd6a968372e249b6bc09b8f

SHA256
c6876cd56267d4275b229ef011957443232c730ac3edf5caf41a678f70f362a4

SHA512
462db3d319ccafec93f64f161cc461e270a9d72320d98193393c3b75e4aa54abba49a53ae7be749e82fcc84070e42d68375fd4a35b58c531acdfa5c58cf61818

Download Submit
C:\Program Files\AutoHotkey\UX\launcher.ahk
Filesize
14KB

MD5
96c2556250d7040a09e4fbf7b7880eab

SHA1
1f9aeae79349ad311f283bb039d30d4d489e133c

SHA256
098a167d6c949cd530a5c0a70f10499137cfd3947761f4bda1bb11fb7412093d

SHA512
cdd373ab7697f7d3fc83638a652fa64f2e6bbb1eda744c58fc16c0178e4c67afec55bb0802e8c90e89a1d11cb276fb78d03af0df291ec4545ccf3e6afc5014f5

Download Submit
C:\Program Files\AutoHotkey\UX\reload-v1.ahk
Filesize
556B

MD5
35f4753a58432446b99bf89a9e930bf5

SHA1
babc3341d9d95865a36ea9a20549a61146093006

SHA256
e4659306a755b583e9cef5fdba3b3eb102d8939fb028afd91aad4496e758fad5

SHA512
ac3483a17ead5173ce40a6af55c3c2361652fefd94c0bd82e004df8186ffc31eab194534a25fe995d677f2f71363095d177c01afb6ae50f2b63ba156855ef5e5

Download Submit
C:\Program Files\AutoHotkey\UX\reset-assoc.ahk
Filesize
1KB

MD5
40daa2aff3aa10f66f7e2c30f57481ec

SHA1
f2973e3c431919a74b174d93dbf069f988efebd9

SHA256
1d4798dbf51177acf72fdb35120bb9221d95db7249725b3d93d8298f4e38b2c1

SHA512
bf8d80b3d98b8f0c195871670a99d751f91f9e0601d9816812129a14c887fec8d21df10cf5bc74ebc7bebe81d8e2e0a922e9d2775d742d371457e9f07b425c55

Download Submit
C:\Program Files\AutoHotkey\UX\ui-dash.ahk
Filesize
6KB

MD5
669bd791c5aafb60ee0885ef064d3622

SHA1
acefb3c3997e2eadd32413814e71aaaad5a8b6d4

SHA256
e8c0b4e149ad58c57e77aac12041f1fa8bc9f25c6d642d12837efc5fd97b8d21

SHA512
eb0345b3562523c58894752276938c7e5ee63b7c3a660317c9a4c1a93b6e530b12015dd380a8a230324b94a9f042380c1a1d24b49d21c3805a4711cb185a33db

Download Submit
C:\Program Files\AutoHotkey\UX\ui-editor.ahk
Filesize
8KB

MD5
180dd58400f62dc7edfa6ba435c408ae

SHA1
52c9b9fb423f3b01b86fb78db00ba26d5f90f36b

SHA256
6412208a31f7ca00e375760e4d32f41f9f8d13f398422d45c700e413cf9c05e6

SHA512
d4895399ed10886ae805e48673787933bf9812b1fe14e575f62f56f90ff8b0d95611297af95e8c899a21787baf688bab2c6e21ca78450543616c2b8ec6f06ee5

Download Submit
C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk
Filesize
7KB

MD5
b0cb2a02429abfaa728f704d622946c5

SHA1
8f5df7cacaabee35f192864412488e46bc4deff6

SHA256
2c7d6f58cdcf3eb10734d68c20a6951f276592e738c7d025a95eafcd9111e658

SHA512
51a2b6f421db431d7a71b77531d74fd12f1d9cb2d24719c0b043ae8b0a79c23140d38bc0127d63a99455b0de0c135d53f347637087b27f5919f4868926ca2824

Download Submit
C:\Program Files\AutoHotkey\UX\ui-newscript.ahk
Filesize
10KB

MD5
934681c007b629a500316517a7827300

SHA1
fe60c73e2bd467ca1ed164552644843a4363b477

SHA256
be7316a2dc06800291f17411c00e6e0a4576879ccc8be1fadafbc1cca9fd133e

SHA512
2a11ff735bf1f8499220986a43dd41c73ace354fa744f17df7d74d6579e444c3e023f5a69f20cd0579faf250878b3b010f289f37fff376adc8118b913fe18654

Download Submit
C:\Program Files\AutoHotkey\UX\ui-setup.ahk
Filesize
7KB

MD5
bae998e735cbd60d3d77b6d409e1f1d8

SHA1
0313ae245bc925771c173138a679861a49f2371f

SHA256
ffcfa20f51973a33143a06ddd5dc47e3062914759ada7cc5837cb2e94bc8baf3

SHA512
08548497679b56f21867b1afd7ebc4651fc5579d42bf6628b74d374eae69c5da43c518f138e8918fad4808baad7c44911cf0347d205108de2c83d25c28f94c30

Download Submit
C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk
Filesize
2KB

MD5
0fe4932669e99a498a7bc76975919000

SHA1
e0d6a7b484d3a6c0d7427f611c575f93e4f87ba4

SHA256
1e09fc4af5dc3e673d4facfe4fa849c6bdd0b29c67b0efd7f96aaf387fcef698

SHA512
dd3b99739106953608ac2eb2ecc4e3d316b5122b1b305bd7cfab82fcc7ec0d92b5944f4724d37cbc01ca5c6b5381b57fad9256586b5dfd0026453f9c11a32394

Download Submit
C:\Program Files\AutoHotkey\license.txt
Filesize
17KB

MD5
e3f2ad7733f3166fe770e4dc00af6c45

SHA1
3d436ffdd69f7187b85e0cf8f075bd6154123623

SHA256
b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38

SHA512
ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey.chm
Filesize
1.8MB

MD5
d7ec8fe26d26746b74f244026dc70152

SHA1
492da9985534e55020d7529591d5cfbe59300555

SHA256
3adcde4562651b37751e8ad1cfbac13a09dcc1e923ac42c17d86ba395f0a1e0a

SHA512
515b9fc07d4b755c0711bd251f3bcd335d58903bc1d4a1e5c544965e951a8548317ed42e7b9ac0ecf7d5966e879f4f42b677ea0d716fb1524d7984588cf704e4

Download Submit
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe
Filesize
1.2MB

MD5
99ec2b896ef799981db726d05baac05c

SHA1
5ba1cd1ced1c8657b45063cd374485b323b93a65

SHA256
18e4d217e5f750735996e5a804147e710e8ff541cec8ef88223afcfb60c18e40

SHA512
7689737430f6d84901e2ccd5f9ac0723cba6faa22edf34199b9814d91da196a420dd358b9a30c7c2642aa564ba8ed2ef1f065679d51c647e8918c7d575c70e37

Download Submit
memory/2708-190-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/2708-2-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/2708-193-0x0000000004BA0000-0x0000000004CA0000-memory.dmp

Filesize
1024KB

Download
memory/2708-194-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/2708-197-0x0000000004BA0000-0x0000000004CA0000-memory.dmp

Filesize
1024KB

Download
memory/3532-50-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/3532-1-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/3532-0-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download