9a961df9be3826b2c77e46193454af385add6adb581d4848f7319b2da9a3e33e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

h2m-mod.exe
Size

7.2MB
MD5

8f27c733486dc0f2325384d779041c24
SHA1

c380ee264a977aece44e7d0934e0154156170a2e
SHA256

9a961df9be3826b2c77e46193454af385add6adb581d4848f7319b2da9a3e33e
SHA512

24b0d41a07d3f432d9da8d1ee6c6a999a8eb48e327e71a16354f53ff083bb8af61d593ab95d27f8a5b2c6534e00fa3fe124cbc4ea40250e289a9ae48400dff18
SSDEEP

98304:yjtYW8rlXVeFGxGD3u4k9sNzJm9+bBX3AtlGGoJXiir7BzN1BNN1BPak+:kYW8ZleFGwa4k9+zJm0GoJxaF

Score

8^/10

persistence

Malware Config

Signatures

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\h2m-mod.exe	h2m-mod.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\h2m-mod.exe\MaxLoaderThreads = "1"	h2m-mod.exe

C:\Users\Admin\AppData\Local\Temp\h2m-mod.exe
"C:\Users\Admin\AppData\Local\Temp\h2m-mod.exe"
1⤵
- Event Triggered Execution: Image File Execution Options Injection
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads