66a2a44bb96642118a52c0ac0c08c793ae3376296b022727f8d8dcde82d0eb82

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FSCapture_V6.9_Chs@20110526/FSCaptureHelp.chm
Size

77KB
MD5

992ffc521362d11b78621df06e541e9d
SHA1

5894511e74a443d6b56096b43b73a438a75a7eae
SHA256

477be6c0e6a48a179a4dfc5cb64a4d6bb8a7df3e96319a5f9fecb814bb950c75
SHA512

19f67bfde5fedf6a41203aff2592a86911aadb7d0d179b8e5f68e0cd796e50a6c5bcb59966de47b60e242a8b38a7a91d5daa323a2bbdfbeae6aba904ba57366f
SSDEEP

1536:ZgFCYf5o/vlvLo3F8eePiMH4Nr3puvI6IxbRkg64iZk6Og4W:yFCYBoVVeePiMeuIug5eH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	hh.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1780	hh.exe
1780	hh.exe

C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\FSCapture_V6.9_Chs@20110526\FSCaptureHelp.chm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads