Overview

overview

7

Static

static

7

HShield/AhnUpCtl.dll

windows7-x64

1

HShield/AhnUpCtl.dll

windows10-2004-x64

1

HShield/AhnUpGS.dll

windows7-x64

1

HShield/AhnUpGS.dll

windows10-2004-x64

1

HShield/AspINet.dll

windows7-x64

1

HShield/AspINet.dll

windows10-2004-x64

1

HShield/Bz32Ex.dll

windows7-x64

1

HShield/Bz32Ex.dll

windows10-2004-x64

1

HShield/HSInst.dll

windows7-x64

1

HShield/HSInst.dll

windows10-2004-x64

1

HShield/HSUpdate.exe

windows7-x64

1

HShield/HSUpdate.exe

windows10-2004-x64

1

HShield/Ma...ry.exe

windows7-x64

1

HShield/Ma...ry.exe

windows10-2004-x64

7

HShield/Up...i2.dll

windows7-x64

1

HShield/Up...i2.dll

windows10-2004-x64

1

HShield/Up...tl.dll

windows7-x64

1

HShield/Up...tl.dll

windows10-2004-x64

1

HShield/Up...up.exe

windows7-x64

7

HShield/Up...up.exe

windows10-2004-x64

7

ahnrpt.exe

windows7-x64

7

ahnrpt.exe

windows10-2004-x64

7

$PLUGINSDI...pt.exe

windows7-x64

7

$PLUGINSDI...pt.exe

windows10-2004-x64

7

$PLUGINSDI...PI.dll

windows7-x64

3

$PLUGINSDI...PI.dll

windows10-2004-x64

3

ehsvc.dll

windows7-x64

7

ehsvc.dll

windows10-2004-x64

7

HShield/Up...32.dll

windows7-x64

1

HShield/Up...32.dll

windows10-2004-x64

1

HShield/V3Hunt.dll

windows7-x64

3

HShield/V3Hunt.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HShield/Update/autoup.exe

  • Size

    184KB

  • MD5

    63f6f0c610f06b0c35ac9b4776dca786

  • SHA1

    a11e1e0ad6f952de8885b964a29bb6e4f9d7c6f1

  • SHA256

    987d2f33909c6d53d3d355f0aaf48ba31ce90b3894ab6d31bcbd0f68a0b4c300

  • SHA512

    924bb50cf5757a306285bdd0c41b623bf9dfdfa5f24b80fba9321d2b41322976b439c2a91f66895c5b999f819ca72144c3363cdda768e74662b3d63f830b9354

  • SSDEEP

    3072:rRvOMs0Npc4J4Rpqa0TqSlzDqKftQg+Ulhg+AvYD5yP5BVOrCyCSs2Kl:JOkpXJ+4a1S5S+AviiBVOrCUql

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HShield\Update\autoup.exe
    "C:\Users\Admin\AppData\Local\Temp\HShield\Update\autoup.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HShield\Update\supdate.log
    Filesize

    29KB

    MD5

    2cde609b43d2c0157f3b16003a1d1137

    SHA1

    9aba8411f6c5a1e4bdf45fde2efd4078f2363f91

    SHA256

    105bc0a04231acaa3924004cb90c9da309313ab3edf6ce4fe160344b1df630a6

    SHA512

    919d500bfe57588f6bec91a04ef5cbe39a38f52d58264df06d42cc95eef936df86f89436f6a63dea35822e206c61c08d9bde9fdfd7cb6f66ac59e02a645f9126

    Download Submit

  • memory/3056-0-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/3056-1-0x0000000000260000-0x0000000000278000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3056-68-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download