Overview

overview

7

Static

static

7

HShield/AhnUpCtl.dll

windows7-x64

1

HShield/AhnUpCtl.dll

windows10-2004-x64

1

HShield/AhnUpGS.dll

windows7-x64

1

HShield/AhnUpGS.dll

windows10-2004-x64

1

HShield/AspINet.dll

windows7-x64

1

HShield/AspINet.dll

windows10-2004-x64

1

HShield/Bz32Ex.dll

windows7-x64

1

HShield/Bz32Ex.dll

windows10-2004-x64

1

HShield/HSInst.dll

windows7-x64

1

HShield/HSInst.dll

windows10-2004-x64

1

HShield/HSUpdate.exe

windows7-x64

1

HShield/HSUpdate.exe

windows10-2004-x64

1

HShield/Ma...ry.exe

windows7-x64

1

HShield/Ma...ry.exe

windows10-2004-x64

7

HShield/Up...i2.dll

windows7-x64

1

HShield/Up...i2.dll

windows10-2004-x64

1

HShield/Up...tl.dll

windows7-x64

1

HShield/Up...tl.dll

windows10-2004-x64

1

HShield/Up...up.exe

windows7-x64

7

HShield/Up...up.exe

windows10-2004-x64

7

ahnrpt.exe

windows7-x64

7

ahnrpt.exe

windows10-2004-x64

7

$PLUGINSDI...pt.exe

windows7-x64

7

$PLUGINSDI...pt.exe

windows10-2004-x64

7

$PLUGINSDI...PI.dll

windows7-x64

3

$PLUGINSDI...PI.dll

windows10-2004-x64

3

ehsvc.dll

windows7-x64

7

ehsvc.dll

windows10-2004-x64

7

HShield/Up...32.dll

windows7-x64

1

HShield/Up...32.dll

windows10-2004-x64

1

HShield/V3Hunt.dll

windows7-x64

3

HShield/V3Hunt.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HShield/HSUpdate.exe

  • Size

    150KB

  • MD5

    061ac0ac3eec7b767c2d353ada7aad4b

  • SHA1

    951f81e84581cacab2a953036ca8a0f3db15361a

  • SHA256

    daf95bde2293271f59df320e5d934bd47e0e5b14da1d47536ef25596c9db1393

  • SHA512

    96b4136dcf0a566561f2908ddd0870f5245a43ea2bbf750f81785a67c278ee2af7dfbe63c021350f9b5eda47caaf50a9b94acc780d221172b994198147e1610d

  • SSDEEP

    3072:Q+V+eO276pVT86NMxWWJLhXTszFCpJI+lKMbc0Bagee/oAQ:vV+eO22Px2xWWnDssElUtQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HShield\HSUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\HShield\HSUpdate.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HShield\supdate.log
    Filesize

    479KB

    MD5

    b21db4568754a3c53256769ca6e8fa45

    SHA1

    68872e618ae61a9267dcca7d8728d7346c67018e

    SHA256

    87d25bc5937758185fcf73af2ea9b3e85bd9030da50938063007ad1cbee5ff32

    SHA512

    327bc10b7396370e32cdc9a0b8b1ff8ffac39bb13811e17fbaeac37cdbd638d932a225b305a24650f31c1ef9bbad3acb521c9b8c8f173df3eb9a3f34f215183d

    Download Submit

  • memory/4008-16-0x0000000000AD0000-0x0000000000AFD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4008-18-0x00000000023B0000-0x00000000023D3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4008-19-0x0000000004820000-0x0000000004846000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4008-20-0x0000000004850000-0x0000000004916000-memory.dmp

    Filesize

    792KB

    Download

  • memory/4008-17-0x00000000025C0000-0x00000000025D5000-memory.dmp

    Filesize

    84KB

    Download