Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13-12-2024 07:34
General
-
Target
https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 32 IoCs
-
Checks whether UAC is enabled 1 TTPs 16 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 32 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of FindShellTrayWindow 55 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdac5c46f8,0x7ffdac5c4708,0x7ffdac5c47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6804 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z8B2A7958\setup.exeC:\Users\Admin\AppData\Local\Temp\7z8B2A7958\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z8BA8F374\setup.exeC:\Users\Admin\AppData\Local\Temp\7z8BA8F374\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6764 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,11259215628013980313,3145949067000725997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9C480918\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9C480918\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z98F6E440\setup.exeC:\Users\Admin\AppData\Local\Temp\7z98F6E440\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9B3BD558\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9B3BD558\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9B29856C\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9B29856C\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9BE945A0\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9BE945A0\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9B16F614\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9B16F614\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9B2386F4\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9B2386F4\setup.exe3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z89CCC1FC\setup.exeC:\Users\Admin\AppData\Local\Temp\7z89CCC1FC\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z95922C18\setup.exeC:\Users\Admin\AppData\Local\Temp\7z95922C18\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z963B68F4\setup.exeC:\Users\Admin\AppData\Local\Temp\7z963B68F4\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z974401A4\setup.exeC:\Users\Admin\AppData\Local\Temp\7z974401A4\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9AA15294\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9AA15294\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9BAD44BC\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9BAD44BC\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"C:\Users\Admin\Downloads\AutoHotkey_1.1.37.02_setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\7z9ADE0818\setup.exeC:\Users\Admin\AppData\Local\Temp\7z9ADE0818\setup.exe2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e55832d7cd7e868a2c087c4c73678018
SHA1ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
-
Filesize
152B
MD5c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA14d16a7e82190f8490a00008bd53d85fb92e379b0
SHA2561e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd
-
Filesize
4KB
MD55e97fce74f925df116137d8be472c756
SHA1adea3f06f72d5a119ec7805b478560a9f0d7d192
SHA2566c30db03b70978b0cd571317e1bc1ed908b02f2ea9105535cd7cb493ce7ef4ec
SHA51270384ccb25ae27bef5167247ccd46616aabddb0d655d1280572af03162929c0bdc5239e00a0a7cafa71766ddcac5e453e18c97b4ad4a7595b4c9cf5a9d88548a
-
Filesize
2KB
MD51617fd900382b00ca07462c33c596f5a
SHA1b24cdfedffe28bb950622502d010827f93727baa
SHA25661927efa65e5cf1f545a8c576e2af4c10c3e4c91002760ecf61c571822315a5d
SHA512db7f8d4d60194bec011b0b7e960bb19ae77581386cedaa6470c602513deef91d21e6d36390a0991e53c9f57dda4ab2cf155ce5af01ece7cf8fb5f3f83a81dd1a
-
Filesize
456B
MD5bc0c8ea68e55a8592a82996b95ae76f0
SHA123f81d162756927ab8776c181e667e421116fd7f
SHA256fa36f357d4d2f691417d079475f859a74a5bdefb13fb499bce17f25ae3542177
SHA512481736c8559e1f78fabca6919a852e1c2d4bcf6f4cbf2347a8bbd3caa43709a6b806bfe5a8741ebddc2fae714031f1064dcc43cdd2b4ed667305e506c98ad70d
-
Filesize
4KB
MD5a224846844bc0937e922462109677d92
SHA1eef59377bfa3ded020aaa763bf2b6f4c788a9cdb
SHA2568a8d674f09022730a5900759dd4c9dae1c01e8e4364b1b0088bf79d21f181ba9
SHA512184e95a7a41b345d89d51faa6d103ba7609cd0b6f93b46054ad52220673b20474c0db5029003c37663a6efedfcd1a3c2ef24965ff9531ba4b2951abbc3130597
-
Filesize
5KB
MD539000bbf4bc343c488efb063733c2ea1
SHA1e4ad83d2bdf806cebac4136bf3cdc6c91f55561e
SHA256b8547334931222122e5671bd477ab0d627b04703d90209f1eb6936bb7665e536
SHA512174e19a1e13760b5beb867bc4324e72de27d91bfe637e830099d826748683559d026225c9003b9ed7f0aec2c4f699829208d27aa27238f8aa18a0d59636662e6
-
Filesize
7KB
MD593e908d4a7750c1f4c065a5b253fd419
SHA1d58c168bba8ad9c52985164c21c3fcfaa58a5c9a
SHA2563cdf294373dff087cbee2b99420c5e8e24b5eb39ef5213d3aa7cdb1db29599ce
SHA512c2127e02d03ff96db938c563fb9c9cd2ccbdb53150b7ee91a0d14b04bcbfd50e3002ac85f1a8a839b0f24c93f93bb944b1876c1f9ddcfd149c79d6af1b239430
-
Filesize
6KB
MD5c48519b1738164d47b9a6adfed67e45e
SHA10740d49fb0d65ee4d67aee9c940a7fc5787e3ea9
SHA25687646f40229f65d353096e7c18bd40761529803d8a86c0e62e281c8418a40a3d
SHA512b13202b3ad511da2c060ea44488fa1c2dd0e67ae6aa41ab70dcde33899cb6201f196f52e341681641f4b1c087fc15883e02046c2a8b4f2b432505620aca44cc6
-
Filesize
7KB
MD50e8fc2287ff898e370e50b0c0915c5e3
SHA1d4d2c9505b922f7c39f35ec8b53c7257572ffa74
SHA2562f3825471a278dd9495f9885445796db2255e5d17b418ea579bb0fe2f84cfe91
SHA5126e2ce2cd5423d197fab6ab884ac256d82b686d88b810886b90c9a9fcf0f52ca01f4155dcf992ce21b161e84f8cf1dfece874fcfdfb766a6a1e86aabd5db580d8
-
Filesize
1KB
MD551ddd9e396944e5123761cb782a8e527
SHA129565bb533038dab5bb2b5c73f6ead5f58ef37e2
SHA256a9d90f5f81b4b07b70fecd081237733d2080b742c02c2ad3e922e50b19840a45
SHA5121b53fecedf1a908ba7d74eaa0d75460bfdf1756490e71f61270b3fa9d8d3c1cedda394c88c87f0d0e6acc3fd836d9082416446513ec6314ef87ae7bdeb115a4b
-
Filesize
872B
MD51d5f1eba09eef5a41e52107b5cde6f13
SHA10e9cd9d15ac6d663416296659eb9336a318e8a2c
SHA256beed72651fe6f4efcf16c65445668e8384a44e779e7ba7222166bf99a9af3383
SHA512ca07fa22a5f09ae3c66e5685c41936bc8666a1ab61241b298aa624cf0a37d2a30266348678fca483e8be4b438e8de52c75514e2aa4bfe69b06619064d25cd6ff
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD590bc303e2eadc7a0a8b5e08840ceb04a
SHA127209a1748d52aec97f32acb439fe4c7acafc71b
SHA2565f36d893263cd93236c6cdaa68365cdd964b0f02b413f797325511523043f9c3
SHA512052a0b1e4b05e075ef09eaa8567f9e92401d87aab2131151743610c326db157e4af2b4b2f9c766f3ab9d569a98952f4aa2f75ffadd9bed72d59054c88679bece
-
Filesize
11KB
MD5bf85d38933ee02ab93e7242232a47a05
SHA1037714b6792210d9d0744cc0860be553b1751577
SHA25676ff21e7b4e22780cee618fcbbb8e2c7a756c99fd9fe432c075f8c27058f9f49
SHA5122259179ff93e80bb86a01494e19b27c47fcc49a73bf2a5cdd0a7fd02b50ffd3bec6e7b0c718cdfd698147535212e62c401bfcbf52bb3093af87b82416e4e007f
-
Filesize
10KB
MD573b687e65b99e44a4185be9f78ad3a0c
SHA1299a750d13dcb07200c360dd54f8a555eb476b44
SHA256058f7ea2c6e8be5bab7e3e4eb113314544743e27731b9f13f66b54df0140990a
SHA512e3c27216f77b71fec810302db9b4440f6f8318579eb640b3f7cb65abc978337c85ead07d2f3292fcca03cc61ce08505a46ee80c6c0ecb9ca4f5ca9e6d46c4857
-
Filesize
11KB
MD5fc725f1ec193a9514b4f71c77fefc976
SHA1dcf09723a9de64272e986b6453f7580d6af2e9a9
SHA2563775022708af5cdd00454cbc079b3cb62b3dc092e56910f3c783b2eb34d8770b
SHA51233f4cce24b8ce403a864223d30cd9e29b769dc12f3255243bc4f78a4e9f7a762fd2088b37856a9f27d353c94109c40e4f8cfc9141a15e739018f46b9f183fdac
-
Filesize
10KB
MD5944f811e71e578cc6d885de7497d0aee
SHA120d6e7ce3c17984b262d37130f16d04f4f39d394
SHA25690db6e8b1d8ed7e7746b65caef21a4c028887807a5513449e53271fb89cfa5c1
SHA51267ed4ddd453df974f3b7ddd338ce5b9f4419af6672572b803169d14473037645616bb11a4658f092f4b76b71cab9cd6bc46d437e8fdfe124f67efceb8d68eb03
-
Filesize
1.9MB
MD517d5e275dbc8278d888f7da1d681d7e3
SHA1245cd35e6caa42fdd3936d2122c7464c877d6591
SHA256de37a93068ca25701b3413eab0f01fa1646d2dab0346d78494192e95d94ad521
SHA512041420c5fcba5d2fa5e2d549319948eb77b416cb32ce848218b2681f3bdb5a7ab50d795cfdabd068330f6a4f16812ae91564d654a958b0f0bb188d11890c4ad2
-
Filesize
775KB
MD5fd94b77958305a1ac3eeac27ee765256
SHA1bdf7f5633cd529186c7c9c87c120a58c35515d2e
SHA2566a98b438b67da7316e9251eb1a92cd5384a8349d239a77903f7282fa076a77c3
SHA5121e97ddbe9374513ec9a1f51313efb3621f81a309bf78982688b4c19aa389f0b422a604d8adcd84dc1ba28f44135d30edde06e32705fe02762e92cf2bbc725a91
-
Filesize
893KB
MD5b6af97aa32c636c3c4e87bb768a3ceb7
SHA183054af67df43ae70c7f8ac6e8a499d9c9dd82ec
SHA256ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7
SHA51254d2e806503f8a4145ee1519fc5e93cef6bf352cf20042569466f6c402b0a402bce99066decd7729c415cd57da7a9923a1b65926b242672731fe2f9709cf6920
-
Filesize
1.3MB
MD52d0600fe2b1b3bdc45d833ca32a37fdb
SHA1e9a7411bfef54050de3b485833556f84cabd6e41
SHA256effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696
SHA5129891cd6d2140c3a5c20d5c2d6600f3655df437b99b09ae0f9daf1983190dc73385cc87f02508997bb696ac921eee43fccdf1dc210cc602938807bdb062ce1703
-
Filesize
704KB
MD531ed560d3edc5f1eea515c4358b90406
SHA136efc45f806ee021ef972dc80932f13f532d9ccd
SHA256f5a5c05bf0fedcc451ade5676a5647e828a6f08cf6c21970e6c035f4311b5a3c
SHA512cb410bad3297493b68e51677b920a808393a30096eefd1cb2c7cf07c8432c78658e803099841be8167eff3f42475b765992da7c11a31e39108ba49010b07ba6f
-
Filesize
972KB
MD578515b1091f74c0f828aed92d3c972b0
SHA10103e030518db102631310ce4e2eb7673d7a1994
SHA256754a28ed76a7b4eba7909b146cfc4c4c2aa43aff54e10a5cd6dbc939c0732b6a
SHA5128edcfe6a59d56d69f0fb7672410fcb24fa0722a5d651f076a3b76a424140e162a213fb038c995ae9c2024929c88aa1fbd979694a485163c2d3f8ca3be75502a2
-
Filesize
822KB
MD5db213c2dc5d0f542a1e925f09c021e05
SHA141bebccc1dd9c44c4407892daa3d3fe44c2216d7
SHA2562d193510b56fbdb8530f8ded2f1c9fb982df971dca5fad1f24f558be16a4f804
SHA512dd0977a599359f577c5a52d0f86092a12488f291613a0d4812fca64e0553c4d61501d5213e7afd1a62c62da8470e4453f8d1ea2bbea0be74ab223bd4b47e97cc
-
Filesize
1.2MB
MD530da2df436169d6f09732e61d8849a05
SHA125694362dfa391caf55733772ca61a95978d507c
SHA2566e7c9ae1daabdb958a4d9c8e7297ba956c9504b5f76ce61fc31281f5bb0b0b55
SHA512134b616b01a18f9451cbfd947d6dfcba21a31615a5cb513a29c6e5f77d8bb2776e868a215f7f533b1bac6a82536cd8838db7b1f69025735cbacf94afce158066
-
Filesize
65KB
MD5015d8f0a9ba93e41f418b8db8bef6a10
SHA106d35e419dc82f91d123f129b88ff46511d1cf2b
SHA256ef88ba74aef53793937ddfaaca4908772fbaf2e7c9bfb5fdeb3c0a6b95755cd0
SHA512cd034768b35fdb96251563cb87cddbfa63c55bfb798aa8ec6fdd9faa6b0155d6b42bc30ace6fe9034aac45ba3abc434613df2cb0e07a4b1b0bf0ed8ebb2e71d7
-
Filesize
324B
MD5a85eeb1dc6f9a33897c407b4240dc20f
SHA1be409c1ba630f2f11ab31e5f42c8a90ab49e8d8c
SHA25623e5115a25e2d539057443b0f0e9740b9ae85d7de0da204f1d739c9b2e206058
SHA5129ecaf71105745739d79207313bc837ecb9fe63cd1cb66e75808e615dc58f5d931f9744fbb04c74085a8cb03142ce43611af7763e8b21e4821a32a58b0d64f77a
-
Filesize
5KB
MD532020e55548b1e9e7ce22899617d5cd2
SHA16aaeb5009dfae698449449e560feda2257187fd0
SHA2564688629be394986c8dbe6517032429e6e8cdd9f5801ddb1ac1f53e6fe86eee7b
SHA51212b5ec622a7f5d3b07d7db821002e4d7886095be0274509d721040812bcf01348daa6a6c9db485d6ac6b58f9684443db0a31963433a33cd3e8a3c7c2e3119475
-
Filesize
17KB
MD5e3f2ad7733f3166fe770e4dc00af6c45
SHA13d436ffdd69f7187b85e0cf8f075bd6154123623
SHA256b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38
SHA512ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3
-
Filesize
872KB
MD5b98ee9e00b5546763f9c6e65e436f6e6
SHA1a28e2b0ba6cc748d166b2eb6d0c8acb0bd3b9f3b
SHA2566d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756
SHA512556e632fe39231622398c5afccc51d01f25bc430705a126737877ed9f354c7076b5bf3cbac27f8a1c4db4d326b6a8848fae4b8d6046f816597c370d06e824591
-
Filesize
25KB
MD536ddfbe29f2fd3366ca298b350a6cb19
SHA10b5c4d270dc47b4ae1b1f59f85b8617bf8a7b036
SHA2564acb8e96da33a31d5f8384635cc994bebac071f16093ae6ed7f909f6a3bf7218
SHA51254760d5e130e90a07c238fceee800da27d567671a22bdf6ab7f6f21a148f072e7b2f07d7e74e55f32d7d8e4c52779882ae6681a0653e2fcd564a7dafc94593ae
-
Filesize
3.3MB
MD5c2e8062052bb2b25d4951b78ba9a5e73
SHA1947dbf6343d632fc622cc2920d0ad303c32fcc80
SHA25649a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc
SHA512c9a5ea57842f69223bd32a9b9e4aaad44d422f56e362469299f56d8b34b5e8bbf2b51d4e64d2bebe6c95d6d8545a8a88e6107b9b0a813e469f613e1353aad7a4