Overview

overview

8

Static

static

8

1433_hack4...st.exe

windows7-x64

8

1433_hack4...st.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4...er.exe

windows7-x64

1433_hack4...er.exe

windows10-2004-x64

1433_hack4...me.swf

windows7-x64

3

1433_hack4...me.swf

windows10-2004-x64

3

1433_hack4...in.url

windows7-x64

6

1433_hack4...in.url

windows10-2004-x64

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...13.exe

windows7-x64

1

1433_hack4...13.exe

windows10-2004-x64

1

1433_hack4...14.exe

windows7-x64

1

1433_hack4...14.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4....5.exe

windows7-x64

8

1433_hack4....5.exe

windows10-2004-x64

8

1433_hack4...nH.dll

windows7-x64

8

1433_hack4...nH.dll

windows10-2004-x64

1433_hack4...��.exe

windows7-x64

1

1433_hack4...��.exe

windows10-2004-x64

1

1433_hack4...fs.exe

windows7-x64

6

1433_hack4...fs.exe

windows10-2004-x64

1433_hack4...ex.hta

windows7-x64

1

1433_hack4...ex.hta

windows10-2004-x64

1

1433_hack4...SD.exe

windows7-x64

3

1433_hack4...SD.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    228s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1433_hack44.cn/hfs2_3b285/hfs.exe

  • Size

    848KB

  • MD5

    ab10437956af910c98764dfd9eec222e

  • SHA1

    617542edf2abf40ee2e5a9cb3c3ccdc9face216f

  • SHA256

    48d1e2f9786c379b6a67d04184d4bd43232656d368dd7eecfc3380d239dad4e6

  • SHA512

    31a98f6bc0d34839ea542b18bf77a14858d176dedd2135288a401baf0933fb3f7fcfe6c5a95b5c990de630e03eca922fa6e2285dddb309fb5d5e0cfa0602311c

  • SSDEEP

    24576:QBVHbzzj4tLvPoz1rZe/IkAzEcur9tVXJ6Dc:QBVDj4t7oJrYE4cu/bmc

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\hfs2_3b285\hfs.exe
    "C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\hfs2_3b285\hfs.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2028-54-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2028-55-0x0000000075071000-0x0000000075073000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2028-56-0x0000000000400000-0x000000000067E000-memory.dmp

    Filesize

    2.5MB

    Download