Overview

overview

10

Static

static

847ffc3e90...79.exe

windows7-x64

10

847ffc3e90...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    210s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    847ffc3e90573d4faf845bb9473ce93960527e6d3086a58ef09441503c195179.exe

  • Size

    82KB

  • MD5

    7a9f7f8cfa8a9b003ec8a02c2be2bbf1

  • SHA1

    5b14b06002dd19c1d916dc560936860b8d615830

  • SHA256

    847ffc3e90573d4faf845bb9473ce93960527e6d3086a58ef09441503c195179

  • SHA512

    a1637d98ef81c89d030dc96e8ca0a7ce5c77a16c9f9e8e4ca5e78166b71ebc2548a8a318af100e2c616466ec679c9271b0eebdaf7eb2862f38f7e0a4869ffde1

  • SSDEEP

    1536:tnqdu3abBGy3G8V0iuokdQX2oooD+AyxAr/:tqhMPskdQXMm/

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 34 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\847ffc3e90573d4faf845bb9473ce93960527e6d3086a58ef09441503c195179.exe
    "C:\Users\Admin\AppData\Local\Temp\847ffc3e90573d4faf845bb9473ce93960527e6d3086a58ef09441503c195179.exe"
    1⤵
    • Modifies system executable filetype association
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1756
    • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\hdsp.exe
      "c:\Documents and Settings\Admin\Application Data\Microsoft\hdsp.exe" 847ffc3e90573d4faf845bb9473ce93960527e6d3086a58ef09441503c195179
      2⤵
      • Modifies system executable filetype association
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:548

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\hdsp.exe
    Filesize

    82KB

    MD5

    b9812caa00fe49dd92183b81530bc9c5

    SHA1

    df587f23589a2d78fc9c99c2691747a59210d0e4

    SHA256

    9fd40ff9fc05375b068ccb0400770147193d52c2c38064c3a41cb42fe9e2adfa

    SHA512

    fa43434a525c96dd3b9ef920c77133ac9acce8eff2c07b21a746f7506abfd4fd2974172ee399284a1a23eda8294e70045cce0fae1cd112bdb500dd519f641a2d

    Download Submit

  • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\hdsp.exe
    Filesize

    82KB

    MD5

    b9812caa00fe49dd92183b81530bc9c5

    SHA1

    df587f23589a2d78fc9c99c2691747a59210d0e4

    SHA256

    9fd40ff9fc05375b068ccb0400770147193d52c2c38064c3a41cb42fe9e2adfa

    SHA512

    fa43434a525c96dd3b9ef920c77133ac9acce8eff2c07b21a746f7506abfd4fd2974172ee399284a1a23eda8294e70045cce0fae1cd112bdb500dd519f641a2d

    Download Submit

  • \??\c:\windows\SysWOW64\Windows 3D.scr
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • \??\c:\windows\SysWOW64\maxtrox.txt
    Filesize

    8B

    MD5

    24865ca220aa1936cbac0a57685217c5

    SHA1

    37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

    SHA256

    841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

    SHA512

    c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\hdsp.exe
    Filesize

    82KB

    MD5

    b9812caa00fe49dd92183b81530bc9c5

    SHA1

    df587f23589a2d78fc9c99c2691747a59210d0e4

    SHA256

    9fd40ff9fc05375b068ccb0400770147193d52c2c38064c3a41cb42fe9e2adfa

    SHA512

    fa43434a525c96dd3b9ef920c77133ac9acce8eff2c07b21a746f7506abfd4fd2974172ee399284a1a23eda8294e70045cce0fae1cd112bdb500dd519f641a2d

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\hdsp.exe
    Filesize

    82KB

    MD5

    b9812caa00fe49dd92183b81530bc9c5

    SHA1

    df587f23589a2d78fc9c99c2691747a59210d0e4

    SHA256

    9fd40ff9fc05375b068ccb0400770147193d52c2c38064c3a41cb42fe9e2adfa

    SHA512

    fa43434a525c96dd3b9ef920c77133ac9acce8eff2c07b21a746f7506abfd4fd2974172ee399284a1a23eda8294e70045cce0fae1cd112bdb500dd519f641a2d

    Download Submit

  • memory/548-58-0x0000000000000000-mapping.dmp

    Download