e723ee615d7a64e918ab185b645324a0cb1b376302d33b54995b54da39be51f3 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 20:31

Sharing

Report Analysis Logs

General

Target

Help.chm
Size

155KB
MD5

10ab0709e3b1d21ef30601a14e14e558
SHA1

2556e70d17929d41c27e62b7a99b4adbcd7338a2
SHA256

a60d359f8b59fa335e6186c89e28b0b90961a2a83a3b45e48a4c89e616c98642
SHA512

0f35ac2962017892215b30c1014b1005c2a2ff5cbb4c4f1375f95be824e92775cf0ef3144ff5e3767dbe1adb9ff3630b81c784ffa700af1ce705c9ed3bc75a6f
SSDEEP

3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

hh.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main hh.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

hh.exe

pid process

2916 hh.exe
2916 hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\Help.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2916

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...