0bdc115aef8d58d2268275c231838e9cbd0c0b2a341fce80472f6ec83cf3e3fb

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 07:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Recover My Files v4/RecoverMyFiles-Help.chm
Size

2.2MB
MD5

6cc302fe2b9747daf77453fdd936cef9
SHA1

25ec4e019d3d6a979838cf6e06d1eae64c2dfc5a
SHA256

4af221ba171d50d2df714fe8c36da8d44e138e7fd25b4929a9d095eff9aca6db
SHA512

4cb492daadb32cf76040fa1e8c8c75afe1dd62390143f9e10b051b16fdd417eeffc353523c1124f6616ee19ee2bb47e7427a3a714fdbf848670d94388b0fec06
SSDEEP

49152:01PvNCm188Vqc3bxo/NwjpfzbzFmP1YJO9OKj5XLo7ITEFTVfonYZTgtGir+:01PF38yHqVOhqDOMXLk2EFRZTAS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1720	hh.exe
1720	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\Recover My Files v4\RecoverMyFiles-Help.chm"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-21-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp

Filesize
64KB

Download