Overview

overview

8

Static

static

Backdoor.W...on.exe

windows7-x64

8

Backdoor.W...on.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 18:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Backdoor.Win32.Hupigon.exe

  • Size

    613KB

  • MD5

    03c4dbf772380a46f0d71795e1ce6bf2

  • SHA1

    8366bc0858d21f07573b08de57d662a2a1a24c51

  • SHA256

    ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

  • SHA512

    251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

  • SSDEEP

    12288:jKFa0zkNhGNnoOx7Tz98HtoIUAtF3Z4mxxnDqVTVOCkEXW:jKjkN4iqXzyOmQmX2VTzkn

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Hupigon.exe
    "C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Hupigon.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      2⤵
        PID:2240
    • C:\Windows\twunk_64.exe
      C:\Windows\twunk_64.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3488
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:1660

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\Delete.bat
              Filesize

              166B

              MD5

              48b3de545aa164eacb2eb266c381deab

              SHA1

              aeae04d954b94fcc90c432d3ed00116d846e420e

              SHA256

              6abee46232fe488bca9dc7f2162bb54b1001fd63f5e19c4cd6ec5ca0591134aa

              SHA512

              625fd497f9f110f23f1599630a2d372bfd460b46f8d09421a14b0bf03c2648bf126a0c11eb9d3829b2ea04c9e42df2cbf1609875778a7481028d7fdda0728d55

              Download Submit

            • C:\Windows\twunk_64.exe
              Filesize

              613KB

              MD5

              03c4dbf772380a46f0d71795e1ce6bf2

              SHA1

              8366bc0858d21f07573b08de57d662a2a1a24c51

              SHA256

              ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

              SHA512

              251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

              Download Submit

            • C:\Windows\twunk_64.exe
              Filesize

              613KB

              MD5

              03c4dbf772380a46f0d71795e1ce6bf2

              SHA1

              8366bc0858d21f07573b08de57d662a2a1a24c51

              SHA256

              ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

              SHA512

              251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

              Download Submit

            • memory/3488-141-0x0000000000400000-0x0000000000506000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/3488-142-0x0000000000EF0000-0x0000000000F44000-memory.dmp

              Filesize

              336KB

              Download

            • memory/3488-143-0x0000000002020000-0x0000000002120000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/3488-144-0x0000000002010000-0x0000000002015000-memory.dmp

              Filesize

              20KB

              Download

            • memory/3488-145-0x0000000000400000-0x0000000000506000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/3488-146-0x0000000002020000-0x0000000002120000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4856-135-0x0000000003490000-0x0000000003495000-memory.dmp

              Filesize

              20KB

              Download

            • memory/4856-134-0x00000000034A0000-0x00000000035A0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4856-139-0x0000000000400000-0x0000000000506000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/4856-133-0x00000000022E0000-0x0000000002334000-memory.dmp

              Filesize

              336KB

              Download

            • memory/4856-132-0x0000000000400000-0x0000000000506000-memory.dmp

              Filesize

              1.0MB

              Download