Resubmissions

  • 08/03/2023, 20:17
    230308-y22qlsgg93 (score 7)

  • 08/03/2023, 20:12
    230308-yy5m4afg4t (score 7)

  • 08/03/2023, 19:36
    230308-yblayaff2t (score 7)

Analysis

  • max time kernel
    290s
  • max time network
    266s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2023, 20:17

General

  • Target

    hitpaw-video-converter.exe

  • Size

    2.0MB

  • MD5

    fbd4cb309b2784cd2c6887c051b5cf11

  • SHA1

    1f79beb05b7adddc55543d6ee39aefa190b75d0f

  • SHA256

    5c41924007da81a633015785ed64ed051f4d91b43172bf443a496319fa7a586e

  • SHA512

    a4d8a734f1d4eaae112a925b4c67cb482f973eddc4cf60156c409758734c90ecd3e9d2c6e3f42f897a4d791b695f50810ec82fb083e7c32850e54846cd20b994

  • SSDEEP

    49152:G5lUxo/DzEkiMgbvbpsbcOTIvZr6Zyid+30F/XRX7DU3AVszu:G3/0ktg5sjIRr6ZRd+kFJXX6S

Score
7/10 (tag: upx)

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox rates this as likely ransomware behaviour, but drive enumeration is also routine for installers and media tools, so on its own it is a weak indicator.

Processes

  • C:\Users\Admin\AppData\Local\Temp\hitpaw-video-converter.exe
    "C:\Users\Admin\AppData\Local\Temp\hitpaw-video-converter.exe"
    PID: 4832

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • memory/4832-133-0x0000000000400000-0x0000000000835000-memory.dmp (4.2MB)
    • memory/4832-144-0x0000000000400000-0x0000000000835000-memory.dmp (4.2MB)
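Two things in this report are worth checking by hand rather than trusting the score: the "UPX packed file" signature, and the memory dump names, whose range 0x400000-0x835000 is 0x435000 bytes (about 4.2MB), roughly twice the 2.0MB on-disk size, which is what an unpacked image of a UPX-packed binary looks like. The script below is an added example, not code from the sandbox or from the sample's vendor. It walks a PE section table to surface the usual static UPX indicators (UPX* section names, the "UPX!" marker string, and a "hollow" section with zero raw bytes on disk but a large virtual size that the stub unpacks into), and it parses a dump file name into PID, sequence number and address range. The PE it parses is constructed in memory for the demonstration; it is not the hitpaw-video-converter.exe sample, and the section names, sizes and the 0x60000020 characteristics value are assumed illustrative values.

```python
import re
import struct

UPX_MAGIC = b"UPX!"  # marker string the stock UPX stub leaves in packed files


def pe_sections(data: bytes):
    """Walk the PE section table; return (name, virtual_size, virtual_address, raw_size) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                     # sizeof(IMAGE_SECTION_HEADER) == 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, vaddr, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Static UPX indicators: UPX* section names, the UPX! marker, and a hollow section
    (zero bytes on disk, large virtual size) that the stub decompresses into at run time."""
    sections = pe_sections(data)
    upx_names = [s[0] for s in sections if s[0].upper().startswith("UPX")]
    hollow = [s[0] for s in sections if s[3] == 0 and s[1] > 0]
    has_magic = UPX_MAGIC in data
    return {
        "upx_section_names": upx_names,
        "upx_magic": has_magic,
        "hollow_sections": hollow,
        "packed": bool(upx_names) or has_magic,
    }


DUMP_NAME = re.compile(r"memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp")


def parse_dump_name(name: str) -> dict:
    """Split a sandbox dump name into pid, sequence number, address range and size."""
    m = DUMP_NAME.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return {"pid": int(pid), "seq": int(seq), "start": start, "end": end,
            "size": end - start, "size_mb": round((end - start) / 2**20, 1)}


def _section(name: bytes, vsize: int, vaddr: int, rsize: int, raw_ptr: int) -> bytes:
    # IMAGE_SECTION_HEADER: 8-byte name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, two relocation/line-number pointers, two counts, Characteristics
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, raw_ptr, 0, 0, 0, 0, 0x60000020)


def build_sample_pe(upx: bool) -> bytes:
    """Constructed minimal PE (NOT the hitpaw sample): just the headers a section-table
    parser needs, with either a UPX-style layout or an ordinary .text/.rdata/.data layout."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after the DOS header
    opt_size = 0xE0                                # size of a PE32 optional header (left zeroed here)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x102)
    if upx:
        sections = (_section(b"UPX0", 0x200000, 0x1000, 0, 0)              # hollow unpack target
                    + _section(b"UPX1", 0x100000, 0x201000, 0x100000, 0x400)  # compressed payload + stub
                    + _section(b".rsrc", 0x1000, 0x301000, 0x1000, 0x100400))
        tail = b"\0" * 0x100 + UPX_MAGIC + b"\0" * 0x100
    else:
        sections = (_section(b".text", 0x1000, 0x1000, 0x1000, 0x400)
                    + _section(b".rdata", 0x1000, 0x2000, 0x1000, 0x1400)
                    + _section(b".data", 0x1000, 0x3000, 0x1000, 0x2400))
        tail = b"\0" * 0x200
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections + tail


if __name__ == "__main__":
    print(upx_indicators(build_sample_pe(upx=True)))
    print(parse_dump_name("memory/4832-133-0x0000000000400000-0x0000000000835000-memory.dmp"))
```

To run it against the real file, pass `open(path, "rb").read()` to `upx_indicators`. Note that a renamed or modified UPX build can change the section names and strip the "UPX!" marker; the hollow-section check survives that, which is why all three indicators are reported separately rather than collapsed into one boolean. The dump names give the same story from the dynamic side: two dumps of the same 0x435000-byte region from PID 4832 are the unpacked image the stub produced, and that region is the thing to carve and hash, not the 2.0MB packed file.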