Overview

overview

7

Static

static

7

HShield/AhnUpCtl.dll

windows7-x64

1

HShield/AhnUpCtl.dll

windows10-2004-x64

1

HShield/AhnUpGS.dll

windows7-x64

1

HShield/AhnUpGS.dll

windows10-2004-x64

1

HShield/AspINet.dll

windows7-x64

1

HShield/AspINet.dll

windows10-2004-x64

1

HShield/Bz32Ex.dll

windows7-x64

1

HShield/Bz32Ex.dll

windows10-2004-x64

1

HShield/HSInst.dll

windows7-x64

1

HShield/HSInst.dll

windows10-2004-x64

1

HShield/HSUpdate.exe

windows7-x64

1

HShield/HSUpdate.exe

windows10-2004-x64

1

HShield/Ma...ry.exe

windows7-x64

1

HShield/Ma...ry.exe

windows10-2004-x64

7

HShield/Up...i2.dll

windows7-x64

1

HShield/Up...i2.dll

windows10-2004-x64

1

HShield/Up...tl.dll

windows7-x64

1

HShield/Up...tl.dll

windows10-2004-x64

1

HShield/Up...up.exe

windows7-x64

7

HShield/Up...up.exe

windows10-2004-x64

7

ahnrpt.exe

windows7-x64

7

ahnrpt.exe

windows10-2004-x64

7

$PLUGINSDI...pt.exe

windows7-x64

7

$PLUGINSDI...pt.exe

windows10-2004-x64

7

$PLUGINSDI...PI.dll

windows7-x64

3

$PLUGINSDI...PI.dll

windows10-2004-x64

3

ehsvc.dll

windows7-x64

7

ehsvc.dll

windows10-2004-x64

7

HShield/Up...32.dll

windows7-x64

1

HShield/Up...32.dll

windows10-2004-x64

1

HShield/V3Hunt.dll

windows7-x64

3

HShield/V3Hunt.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HShield/Update/autoup.exe

  • Size

    184KB

  • MD5

    63f6f0c610f06b0c35ac9b4776dca786

  • SHA1

    a11e1e0ad6f952de8885b964a29bb6e4f9d7c6f1

  • SHA256

    987d2f33909c6d53d3d355f0aaf48ba31ce90b3894ab6d31bcbd0f68a0b4c300

  • SHA512

    924bb50cf5757a306285bdd0c41b623bf9dfdfa5f24b80fba9321d2b41322976b439c2a91f66895c5b999f819ca72144c3363cdda768e74662b3d63f830b9354

  • SSDEEP

    3072:rRvOMs0Npc4J4Rpqa0TqSlzDqKftQg+Ulhg+AvYD5yP5BVOrCyCSs2Kl:JOkpXJ+4a1S5S+AviiBVOrCUql

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HShield\Update\autoup.exe
    "C:\Users\Admin\AppData\Local\Temp\HShield\Update\autoup.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HShield\Update\supdate.log
    Filesize

    30KB

    MD5

    1ec7e88224031cde4158cc77fc4366bb

    SHA1

    cedd2b0c1c9bb1b416d7fc28a65984f32b2d8fd5

    SHA256

    2e5e65884e0a9c6a0744ebe8f2dc351ca12267e70b8e0a6fbb4edd37b9541719

    SHA512

    63550d54c0bc5e939fe9acab6b33edfba1f42dabe921f9c37c8f9c0de485aa9306d115ccbf891c1cd453e6701926bfc9f2befbd9800a1807e5cbe86ec7928729

    Download Submit

  • memory/1068-0-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/1068-1-0x0000000000670000-0x0000000000688000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1068-68-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download