6b1d5a9dd1e41ff1c5bbc0612bb8cfa0d3b58aeab9ea3a3c51e2756c8012df94

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

StartBlueScreen.chm
Size

13KB
MD5

da43a71517c7af4127e564a3f09e08cb
SHA1

3f8df7cbefd9a36dc9b7adeff1653c4db1a12be1
SHA256

7bacd6052cdb33204e076147174ad8a1786a1bd399a3a4b4d59d741f1f56e1b8
SHA512

2515f7001c08abd1a7b65a2fb237015dd15e6f884a92c1c061dffb37a4d09414ee96d0ab8a44a1da8ba822975e95b9164a453cabfb3c2e15056097191b202a65
SSDEEP

96:SK9DEv345r0YXEKHZ/r2kjUnQgzhT/Qjzx2gJ8VApkWZ2:SMU45r0UEK5r25T/QvUV/C

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1984	hh.exe
1984	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\StartBlueScreen.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...