83ce60348e07ef8e60a78b4954b90859584495ffc77fff3de3a2e1045499c0c2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoFireWall_701_20101107/[AFW]UserGuider.chm
Size

120KB
MD5

7ac02de92a741f13309dc98f48e14543
SHA1

281ae0bd73b8f7b88718f7e11d4cf4b30a71b9ca
SHA256

6c1ab68d631d497a3e6516c95d09c81c786d24c50a19b26f014397a53e80e49d
SHA512

eede3e72284ed184a03156c447c941a6b503a91579c7c185829a0fdb0957917a9d78bb94af6fb3f9552c20e4e61d892fa3bde6b5d0eea56f0f53b0b45df23a02
SSDEEP

3072:8l/ph+TvU9tDy60VkpqHLgDtaAiCp21LoX9c:8lmTs91rXYggAiCp21kXq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2420	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2420	hh.exe
2420	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\AutoFireWall_701_20101107\[AFW]UserGuider.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads