Analysis
- max time kernel: 151s
- max time network: 150s
- platform: windows10_x64
- resource: win10v200217
- submitted: 10-03-2020 00:09
Static task: static1
Behavioral task behavioral1: Sample 1.exe, Resource win7v200217
Behavioral task behavioral2: Sample 1.exe, Resource win10v200217
Behavioral task behavioral3: Sample Fallen.exe, Resource win7v200217
Behavioral task behavioral4: Sample Fallen.exe, Resource win10v200217
Behavioral task behavioral5: Sample Inte.exe, Resource win7v200217
Behavioral task behavioral6: Sample Inte.exe, Resource win10v200217
Behavioral task behavioral7: Sample LX64, Resource win7v200217
Behavioral task behavioral8: Sample LX64, Resource win10v200217
Behavioral task behavioral9: Sample Server.exe, Resource win7v200217
Behavioral task behavioral10: Sample Server.exe, Resource win10v200217
Behavioral task behavioral11: Sample hfs.exe, Resource win7v200217
Behavioral task behavioral12: Sample hfs.exe, Resource win10v200217
Behavioral task behavioral13: Sample hfs_1.exe, Resource win7v200217
Behavioral task behavioral14: Sample hfs_1.exe, Resource win10v200217
Behavioral task behavioral15: Sample hg, Resource win7v200217
Behavioral task behavioral16: Sample hg, Resource win10v200217
Behavioral task behavioral17: Sample java, Resource win7v200217
Behavioral task behavioral18: Sample java, Resource win10v200217
Behavioral task behavioral19: Sample moren.exe, Resource win7v200217
Behavioral task behavioral20: Sample moren.exe, Resource win10v200217
General
- Target: hfs_1.exe
- Size: 153KB
- MD5: 8d1d6e7c36bc9c97338a71c862dc52a0
- SHA1: ea0cd6c2983a4fda97302cf338b3fbac20a3cc1e
- SHA256: 636f404892310f7f7cbffd013d5ebd5895b309af2b0bb18814e52c5548e4d4a6
- SHA512: fe89091867ddfb2e9b8a94edaf5c5d56d61fffa5dd9f604013ebfd19498625d5d0a8c7db0ae4c215bbe00c2c6682a90137abc91de24c89d16dbcd0f961194923
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (hfs_1.exe):
    pid 4000, process hfs_1.exe
    pid 4000, process hfs_1.exe
- Adds Run entry to start application (2 TTPs, 1 IoCs)
  Processes (hfs_1.exe):
    description: Set value (str)
    ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Realtek¸ßÇåÎúÒôƵ¹ÜÀíÆ÷ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hfs_1.exe"
    process: hfs_1.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/4000-0-0x0000000010000000-0x000000001002B000-memory.dmp (Filesize: 172KB)