Analysis
-
max time kernel
585s -
max time network
613s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25-11-2022 09:14
General
-
Target
Herobots Launcher.exe
-
Size
68.7MB
-
MD5
0706a5e09c3a7e2dbbdba209aebdab24
-
SHA1
3353060b6b6cfd1d6c8acbd7bdc8c2067feef23f
-
SHA256
f11247d3a0f993401c85e57ce1b6555871ac1fd334213893249901b925e1ba3d
-
SHA512
368bcc5cf1757644b763ceae4641d38d3a8215562dfe208c5f7cb171817edc38ea6874ffca9d5136cf13a04d5eb8e8f655643f98409bcc646621f20b983db68f
-
SSDEEP
1572864:wlB9i1v6tZEw9+xiLEJW6n2waOXmlX2NfqyAnrZ:2B9K6cw9+0LGp2wBXqkSfrZ
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Herobots Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Herobots Launcher.exe"1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsqD159.tmp\System.dllFilesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
C:\Users\Admin\AppData\Local\Temp\nsqD159.tmp\nsis7z.dllFilesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df