Analysis

  • max time kernel
    136s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-03-2023 10:19

General

  • Target

    dc23ec67213ad870c157d7c40af8589993dbf16ab16dace8408c4855e9116563.exe

  • Size

    1.3MB

  • MD5

    b588cf119217c542adb15c5095dcf04c

  • SHA1

    3b9aebbb46f838553970ece51926a50b898051a7

  • SHA256

    dc23ec67213ad870c157d7c40af8589993dbf16ab16dace8408c4855e9116563

  • SHA512

    c2ad4d693feb3250b0ed6962d45d00455a500f87167da5646074f00f64225b5e7f8a9a2bbd9f1120e7f4766d96b4ab24c895ed34b887cfab02ecb9d13a61e1ae

  • SSDEEP

    12288:EA8t4q756E+3lii3uumraOid9QWX+7UKXqzK7wVgyOrWC9u9wNVZR3aUSC9ZZXYq:Aeql6EoqW9KXqzK7wTOzFT3aUuR

Score
10/10

Malware Config

Signatures

  • Detects HZRAT backdoor (1 IoCs)
  • HZRAT

    HZRAT is a backdoor that remotely accesses infected resources.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc23ec67213ad870c157d7c40af8589993dbf16ab16dace8408c4855e9116563.exe
    "C:\Users\Admin\AppData\Local\Temp\dc23ec67213ad870c157d7c40af8589993dbf16ab16dace8408c4855e9116563.exe"
      PID:3824

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/3824-133-0x0000000000280000-0x0000000000424000-memory.dmp

      Filesize

      1.6MB

    • memory/3824-134-0x0000000000BD0000-0x0000000000C03000-memory.dmp

      Filesize

      204KB

    • memory/3824-135-0x0000000000280000-0x0000000000424000-memory.dmp

      Filesize

      1.6MB