7b9a0fd990959dfd15a879bbffd13d4959b9bdeecf6831b91b8ac02d72e9bba5

Submit
Reports

Overview

overview

Static

static

Spoof Inst...ew.chm

windows7-x64

Spoof Inst...ew.chm

windows10-2004-x64

Spoof Inst...ew.exe

windows7-x64

Spoof Inst...ew.exe

windows10-2004-x64

Spoof Inst...pt.ps1

windows7-x64

Spoof Inst...pt.ps1

windows10-2004-x64

Spoof Inst...ID.cmd

windows7-x64

Spoof Inst...ID.cmd

windows10-2004-x64

Spoof Inst...id.exe

windows7-x64

Spoof Inst...id.exe

windows10-2004-x64

Spoof Inst...64.exe

windows7-x64

Spoof Inst...64.exe

windows10-2004-x64

Spoof Inst...me.bat

windows7-x64

Spoof Inst...me.bat

windows10-2004-x64

Spoof Inst...sk.exe

windows7-x64

Spoof Inst...sk.exe

windows10-2004-x64

Spoof Inst...ch.exe

windows7-x64

Spoof Inst...ch.exe

windows10-2004-x64

Spoof Inst...gs.vbs

windows7-x64

Spoof Inst...gs.vbs

windows10-2004-x64

Spoof Inst...ol.exe

windows7-x64

Spoof Inst...ol.exe

windows10-2004-x64

Spoof Inst...he.bat

windows7-x64

Spoof Inst...he.bat

windows10-2004-x64

Spoof Inst...or.url

windows7-x64

Spoof Inst...or.url

windows10-2004-x64

Spoof Inst...on.bat

windows7-x64

Spoof Inst...on.bat

windows10-2004-x64

Spoof Inst...er.exe

windows7-x64

Spoof Inst...er.exe

windows10-2004-x64

Spoof Inst...le.exe

windows7-x64

Spoof Inst...le.exe

windows10-2004-x64

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 21:28

Sharing

Copy URL

Twitter E-mail

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

Spoof Instructions/Spoof Toolz/OtherIDs/USBDeview.chm

Resource

win7-20240729-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Spoof Instructions/Spoof Toolz/OtherIDs/USBDeview.chm

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

Spoof Instructions/Spoof Toolz/OtherIDs/USBDeview.exe

Resource

win7-20240708-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

Spoof Instructions/Spoof Toolz/OtherIDs/USBDeview.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

Spoof Instructions/Spoof Toolz/Reg_Script.ps1

Resource

win7-20240705-en

execution

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

Spoof Instructions/Spoof Toolz/Reg_Script.ps1

Resource

win10v2004-20240802-en

execution

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

Spoof Instructions/Spoof Toolz/VolChange/ChangeVolID.cmd

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

Spoof Instructions/Spoof Toolz/VolChange/ChangeVolID.cmd

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

Spoof Instructions/Spoof Toolz/VolChange/_/Volumeid.exe

Resource

win7-20240705-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

Spoof Instructions/Spoof Toolz/VolChange/_/Volumeid.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

Spoof Instructions/Spoof Toolz/VolChange/_/Volumeid64.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Spoof Instructions/Spoof Toolz/VolChange/_/Volumeid64.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Spoof Instructions/Toolz/Activate Win10Home.bat

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

Spoof Instructions/Toolz/Activate Win10Home.bat

Resource

win10v2004-20240802-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral15

Sample

Spoof Instructions/Toolz/AnyDesk.exe

Resource

win7-20240708-en

discovery

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral16

Sample

Spoof Instructions/Toolz/AnyDesk.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral17

Sample

Spoof Instructions/Toolz/DNSBench.exe

Resource

win7-20240704-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

Spoof Instructions/Toolz/DNSBench.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

Spoof Instructions/Toolz/Defender Control/Defender_Settings.vbs

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

Spoof Instructions/Toolz/Defender Control/Defender_Settings.vbs

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

Spoof Instructions/Toolz/Defender Control/dControl.exe

Resource

win7-20240705-en

discovery upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral22

Sample

Spoof Instructions/Toolz/Defender Control/dControl.exe

Resource

win10v2004-20240802-en

discovery upx

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral23

Sample

Spoof Instructions/Toolz/DelUSBCache.bat

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Spoof Instructions/Toolz/DelUSBCache.bat

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Spoof Instructions/Toolz/Free Online GUID Generator.url

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Spoof Instructions/Toolz/Free Online GUID Generator.url

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Spoof Instructions/Toolz/GeoLocation.bat

Resource

win7-20240704-en

execution

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral28

Sample

Spoof Instructions/Toolz/GeoLocation.bat

Resource

win10v2004-20240802-en

execution

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral29

Sample

Spoof Instructions/Toolz/PrivaZerPortable/App/PrivaZer/PrivaZer.exe

Resource

win7-20240708-en

discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral30

Sample

Spoof Instructions/Toolz/PrivaZerPortable/App/PrivaZer/PrivaZer.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral31

Sample

Spoof Instructions/Toolz/PrivaZerPortable/PrivaZerPortable.exe

Resource

win7-20240708-en

discovery

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral32

Sample

Spoof Instructions/Toolz/PrivaZerPortable/PrivaZerPortable.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

15 signatures

150 seconds

Report Analysis Logs

General

Target

Spoof Instructions/Spoof Toolz/OtherIDs/USBDeview.chm
Size

24KB
MD5

411e4fba3110e963a85ceaf46e8cedd2
SHA1

4272eb5976e951c448fab798f7b1fb0437f8f148
SHA256

63606a5617a62060a2894904bf28d53f9f80cbe7b1be885cec114173d054767c
SHA512

c8cdb839b6a49591a64a949d8602ef14703d47a7c90b300db9a4b64fd59a8e3b3e6ee6f4881732a05ff480fc23241848cc99852733e1049da5342b7b4e176ce4
SSDEEP

384:9TXSD100stETnEaqFqFWWreTy7H9CluSY1t5A2Xzo:9TCDWtEL8Fy0yH92zY1/A2Do

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4680	hh.exe
4680	hh.exe

Processes

C:\Windows\hh.exe
"C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\Spoof Instructions\Spoof Toolz\OtherIDs\USBDeview.chm"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4680

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads