8c2ecd1251a00ea84c020a4196d1aa282b1dc2328f3caaf4131906be62b2e3dd

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cool MP3 Splitter & Joiner/help.chm
Size

104KB
MD5

db96401babdc12f7e28395701b64303c
SHA1

1d309bc9ea727d7ddf2d11089b72a5ef966c75c4
SHA256

4167db0f8d2271429c83f35c4c9b6a7161b5631583b27e4eed929d9346ee28a2
SHA512

ce440a66d52096bae92fecaee96f92139aea3e3f117e7ed64721914b4131fb45a2e19a3b6c2c2baa9b16aaea1ec7c785b39b23eb54a58c98372c5eebde83fca4
SSDEEP

3072:P7VcEDF0vhsB+JxtsOq6wtrclilkMgO99Fn:P7SEDFiBtsO70rc5uX

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2364	hh.exe
2364	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" "C:\Users\Admin\AppData\Local\Temp\Cool MP3 Splitter & Joiner\help.chm"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...