Overview

overview

9

Static

static

hl3x.bin.exe

windows7_x64

7

hl3x.bin.exe

windows10_x64

9

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    05-11-2020 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hl3x.bin.exe

  • Size

    1.1MB

  • MD5

    aa353bc3e7a9c6551c630970bd539d7f

  • SHA1

    5466e81368431cc7d95d0e61ccad0532a7850a4b

  • SHA256

    98527afb21c16cf3c62da74174d10c01f49070772bf8108ecae708b2420a53f9

  • SHA512

    6bf7b873e9ed3acb6ea6f7782a67c549dadea0c33186767dd322818852193111a1f27a19dfd5c639f6c01bc73c9099d8327edd808d9c0509dd8ce91493c32349

Score
7/10
discoveryspyware

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hl3x.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\hl3x.bin.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:300
    • C:\Users\Admin\AppData\Local\Temp\hl3x.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\hl3x.bin.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Windows\SysWOW64\cmd.exe
        /c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\hl3x.bin.exe
        3⤵
        • Deletes itself
        • Suspicious use of WriteProcessMemory
        PID:744
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 3
          4⤵
          • Delays execution with timeout.exe
          PID:1068

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/300-0-0x0000000074DC0000-0x00000000754AE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/300-1-0x0000000001010000-0x0000000001011000-memory.dmp
    Filesize

    4KB

    Download
  • memory/300-3-0x0000000000290000-0x00000000002BC000-memory.dmp
    Filesize

    176KB

    Download
  • memory/300-4-0x00000000003D0000-0x00000000003DC000-memory.dmp
    Filesize

    48KB

    Download
  • memory/744-9-0x0000000000000000-mapping.dmp
    Download
  • memory/1068-10-0x0000000000000000-mapping.dmp
    Download
  • memory/1280-8-0x000007FEF7D40000-0x000007FEF7FBA000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/2044-5-0x0000000000400000-0x0000000000430000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2044-6-0x0000000000416223-mapping.dmp
    Download
  • memory/2044-7-0x0000000000400000-0x0000000000430000-memory.dmp
    Filesize

    192KB

    Download