b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 20:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
Size

1.5MB
MD5

3910ef983b69104abeba5ec291728ac2
SHA1

cfc1dcb01c813f09cb9f5250faef413c4cd7183b
SHA256

b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d
SHA512

e3768efe9445b94cef426e715c951cc55401f1f1504b220b9bacbdf33e788179ea10c37758861a5bc96dee8187bbedc31be6281048f2327d7f68541f6c6b6842
SSDEEP

24576:DIEA/gk7ypzK7RlBO4cCuTdnF5CsNX6uOdIhBfBAAElYO/knVnVqOY4b74:DIEXVKlfOfFYsNX6zApXEVkVwOY4n4

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\hahagame\Skins\青葱岁月.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\bb.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\count.htm	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\灰色轨迹.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\蔚蓝天际.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\金色年华.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\金属之美.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\ClientUpdate.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\Office2003.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\冬季恋歌.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\怀旧木纹.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\828la.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\Office2007.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\Office2007.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\简约之美.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\简约之美.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\chis.ini	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\chs.dll	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\GameClient.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\Office2003.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\冬季恋歌.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\怀旧木纹.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\828la.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\ClientUpdate.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\兰色沉思.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\金属之美.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\chis.ini	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\chs.dll	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\__tmp_rar_sfx_access_check_7106999	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\灰色轨迹.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\flash.mdb	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\蔚蓝天际.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\bb.exe	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\count.htm	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\flash.mdb	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\兰色沉思.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\金色年华.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
File created	C:\Program Files (x86)\hahagame\Skins\青葱岁月.asz	b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe
"C:\Users\Admin\AppData\Local\Temp\b3fd4de7929f3c7f258fa0da21e188f646d75266a779e528db7b6e04716fe71d.exe"
1⤵
- Drops file in Program Files directory
PID:1228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download