62734d219f14a942986e62d6c0fef0c2315bc84acd963430aed788c36e67e1ff

Analysis

max time kernel
131s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 13:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_1.1.36.01_setup.exe
Size

3.2MB
MD5

b2a2f9919867800ebe81faafcfbb564b
SHA1

384b8e5a91e12d858aa2c7e3196ea44d3e3abe89
SHA256

62734d219f14a942986e62d6c0fef0c2315bc84acd963430aed788c36e67e1ff
SHA512

727bed51f7816a955eb660c027dc295c8d36d3e73da4bbc0c11d25afd7d430286ab3019c15e689ef2b99752b574f4e1bbea73bfb72a376149344208d66ba2df0
SSDEEP

98304:ujKsFrg6lgKlt0Jop4KrOvZ28jJNoHRPEJTZhllZorRF5D:uS6lvkSOhprSPQZhlTc35

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1356	setup.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1356	setup.exe
1356	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 1356	2996	AutoHotkey_1.1.36.01_setup.exe	84
PID 2996 wrote to memory of 1356	2996	AutoHotkey_1.1.36.01_setup.exe	84
PID 2996 wrote to memory of 1356	2996	AutoHotkey_1.1.36.01_setup.exe	84

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.36.01_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.36.01_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\7z70216BB4\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z70216BB4\setup.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of SetWindowsHookEx
  PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z70216BB4\setup.exe

Filesize
870KB

MD5
0536fa96348a05b68d34f1715419aff0

SHA1
8612b7347bbbe0adc8794097263c31fa1de7baef

SHA256
0e9887d00b6a4cdacbee58a9ce116dec3704bababb034031ebf4913795a550c6

SHA512
caeac7311e09e3d8046dbfdc0d2bcf2110ba9c3c1514a3eae22f5137d92683ba8114ef0ecf91b18ba8acc38645c0dbc097c4a86b73c3c419d7200f48d6c998b6

Download Submit
memory/1356-47-0x00000000009D0000-0x0000000000AD0000-memory.dmp

Filesize
1024KB

Download
memory/1356-48-0x00000000009D0000-0x0000000000AD0000-memory.dmp

Filesize
1024KB

Download