ttt.hta

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW May 17, 2024, 10:10 a.m.	computer_name: TEST22-PC	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 17, 2024, 10:10 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 17, 2024, 10:10 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 17, 2024, 10:10 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x7ef80000 process_handle: 0xffffffff	1	0	0

Disables proxy possibly for traffic interception (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA May 17, 2024, 10:10 a.m.	key_handle: 0x000003c0 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Lionic	Trojan.HTML.Valyria.a!c
Skyhigh	BehavesLike.HTML.Dropper.zq
ALYac	Trojan.Script.Agent
VIPRE	VB:Trojan.Kimsuky.A
Arcabit	VB:Trojan.Kimsuky.A
Symantec	Trojan Horse
ESET-NOD32	VBS/Kimsuky.AM
TrendMicro-HouseCall	TROJ_FRS.0NA104EE24
Avast	Other:Malware-gen [Trj]
Kaspersky	HEUR:Trojan-Downloader.HTA.SLoad.gen
BitDefender	VB:Trojan.Kimsuky.A
MicroWorld-eScan	VB:Trojan.Kimsuky.A
Rising	Trojan.Kimsuky/VBS!8.13D95 (TOPIS:E0:3BSGVFy9i7O)
Emsisoft	VB:Trojan.Kimsuky.A (B)
TrendMicro	TROJ_FRS.0NA104EE24
FireEye	VB:Trojan.Kimsuky.A
Ikarus	Trojan.VBS.Kimsuky
Microsoft	Trojan:VBS/Malgent!MSR
ViRobot	VBS.S.Running.1556
ZoneAlarm	HEUR:Trojan-Downloader.HTA.SLoad.gen
GData	VB:Trojan.Kimsuky.A
MAX	malware (ai score=81)
AVG	Other:Malware-gen [Trj]