246b9cd12a9223e2391eba6bceea79015b598b701a22294bd4373355a3b47c2e

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WinTools.net Ultimate/Help/german.chm
Size

32KB
MD5

de697f0e0164beb84668d197d881b730
SHA1

2addd2faab18c7c3e473672337be1bf18483ad34
SHA256

56dd11ff924506a67b809464cab806de7fd1d796ae4ccddeb29b3896442b0c21
SHA512

7138fba311254812dc1fec5cc88e10006192c44bfcea268b84f8b2d752534c9c7bb8321b05e49e2061a469de24b28ea30e98616740e0b471a924b3e4ad5b1609
SSDEEP

768:UrGpLODv29uLJp6FZ8cNb1fjrW2vIpKx2:UrGpL7E36Fdr1vIph

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2716	hh.exe
2716	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\WinTools.net Ultimate\Help\german.chm"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...