f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5.exe
Size

58KB
MD5

bf3d84242c32c7da13ba23120088b4d4
SHA1

4d60060cf4d22187311de6ea699d31bdf8b3c15b
SHA256

f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5
SHA512

fdc888fcd2172396688d196cc5d6a24cfc8afc7687191c2734c4d6e66ae05a8956c2dedf8921750fb3ef0cfe8383e8f618f331d455ff3091b8bb15a6d6116ca5
SSDEEP

768:8myegkMUREYKx+xlSnufKwgFj9ISba56K+Mt44yHl:8VelzPxgws9ISm5Nt44yHl

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	hmrfma.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\hmrfma.exe	f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5.exe
File opened for modification	C:\Program Files (x86)\Google\hmrfma.exe	f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	hmrfma.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	hmrfma.exe

C:\Users\Admin\AppData\Local\Temp\f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5.exe
"C:\Users\Admin\AppData\Local\Temp\f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5.exe"
1⤵
- Drops file in Program Files directory
PID:2496

C:\Program Files (x86)\Google\hmrfma.exe
"C:\Program Files (x86)\Google\hmrfma.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\hmrfma.exe

Filesize
58KB

MD5
bf3d84242c32c7da13ba23120088b4d4

SHA1
4d60060cf4d22187311de6ea699d31bdf8b3c15b

SHA256
f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5

SHA512
fdc888fcd2172396688d196cc5d6a24cfc8afc7687191c2734c4d6e66ae05a8956c2dedf8921750fb3ef0cfe8383e8f618f331d455ff3091b8bb15a6d6116ca5

Download Submit
C:\Program Files (x86)\Google\hmrfma.exe

Filesize
58KB

MD5
bf3d84242c32c7da13ba23120088b4d4

SHA1
4d60060cf4d22187311de6ea699d31bdf8b3c15b

SHA256
f3a16170ee64764604dbcf56a58925e3b0bd15536ec84b3a3f52412748684ea5

SHA512
fdc888fcd2172396688d196cc5d6a24cfc8afc7687191c2734c4d6e66ae05a8956c2dedf8921750fb3ef0cfe8383e8f618f331d455ff3091b8bb15a6d6116ca5

Download Submit