341dfa8cc975233055495070cb6ef14918f458710cc5826e789567ba3ec0f497

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dvdshrink.chm
Size

130KB
MD5

ab1081840d24bb214062d5f30a3018d3
SHA1

dda8727b2a3762dae4223d52ef75c1808f5e8064
SHA256

b1278211d38c9b47c1c48ccb0cd40c119c51ef9a80c09cb28b877db35fe95d7f
SHA512

d21887a4cd791c0cee45ca556e009e506412f57f6162f9f978b904d9a2d88c9e659342a5f2771b8ed9e72e52a73357db8adb4db77eb16db895cc3dc73c39f994
SSDEEP

3072:oRYJTrMNZhtKCdaDNuu6IrKGbtIYQCqLYiiqLgAqyd:oRO6ht/sD0LICrJkrqL3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	hh.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	hh.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	hh.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	hh.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	hh.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\International\CpMRU	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3028	hh.exe
3028	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\dvdshrink.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads