777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46

Analysis

max time kernel
57s
max time network
58s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/04/2023, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe
Size

1.5MB
MD5

792853931cbd796789744c2538cea384
SHA1

443cc280910d83d0946634698820282e8d8e9f1f
SHA256

777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46
SHA512

2aecccc45b20cea2bcbc0d1d1a216d5bd9dde2dbc49b6e6cbad149cb200a392ad3e9ee0b1c7069c21682837cd41c0e3d1e8b7bd93f0d62a1430fc4fcea725e8a
SSDEEP

24576:UiE8hZWFnPkx5IMBwgmzZWkF7IOtO0cTGezIlV:UK+xoRmGOgJTDu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
828	HWBoxDockLaunch.exe

Loads dropped DLL 6 IoCs

pid	Process
1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe
1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe
828	HWBoxDockLaunch.exe
828	HWBoxDockLaunch.exe
828	HWBoxDockLaunch.exe
828	HWBoxDockLaunch.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
828	HWBoxDockLaunch.exe
828	HWBoxDockLaunch.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30
PID 1992 wrote to memory of 828	1992	777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe	30

C:\Users\Admin\AppData\Local\Temp\777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe
"C:\Users\Admin\AppData\Local\Temp\777d09585cfcee94096facc86f84c3119d4cf08b474c56208e8b9e90cb818d46.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Public\AppUpdate\HWBoxDockLaunch.exe
  "C:\Users\Public\AppUpdate\HWBoxDockLaunch.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\AppUpdate\HWBoxDockLaunch.exe

Filesize
1.2MB

MD5
1d1d76cf0d1fee276e85fd86f25fef10

SHA1
ef18778e2474f1403ff6680d4cbff45aa03cf801

SHA256
0911b0fefb3f732adda841eeb4fd64938d2d595eda8e39ed255ce5905a212455

SHA512
26bb3cf4db9af067da2d1a9942e108018f9a793f3da098ce443cbc23a485d91ac64c6d30d34fb1b97924a58a07b6985c585e46e6612799ea14de91658b93ecb8

Download Submit
C:\Users\Public\AppUpdate\HWBoxDockLaunch.exe

Filesize
1.2MB

MD5
1d1d76cf0d1fee276e85fd86f25fef10

SHA1
ef18778e2474f1403ff6680d4cbff45aa03cf801

SHA256
0911b0fefb3f732adda841eeb4fd64938d2d595eda8e39ed255ce5905a212455

SHA512
26bb3cf4db9af067da2d1a9942e108018f9a793f3da098ce443cbc23a485d91ac64c6d30d34fb1b97924a58a07b6985c585e46e6612799ea14de91658b93ecb8

Download Submit
C:\Users\Public\AppUpdate\HWBoxDockLaunch.exe

Filesize
1.2MB

MD5
1d1d76cf0d1fee276e85fd86f25fef10

SHA1
ef18778e2474f1403ff6680d4cbff45aa03cf801

SHA256
0911b0fefb3f732adda841eeb4fd64938d2d595eda8e39ed255ce5905a212455

SHA512
26bb3cf4db9af067da2d1a9942e108018f9a793f3da098ce443cbc23a485d91ac64c6d30d34fb1b97924a58a07b6985c585e46e6612799ea14de91658b93ecb8

Download Submit
C:\Users\Public\AppUpdate\sqlite3.dll

Filesize
1.9MB

MD5
a5066998f34071c7a8817506fad5a3e0

SHA1
80dc4caaeb3932cc522d542f2f4fb29cecc87056

SHA256
0786fdea508dd584258c9367ddde40c8c9cb180e42802142d143459498a086ec

SHA512
e0caec10b5316814c1fe1bd770837ec7d8d6d94a85d1b54f9d6a9bddde3ebc4c558bf16da1c723cb0aa0f1230a5826812e235d9b5a92f0e585e2a6a20981b0c1

Download Submit
C:\Users\Public\AppUpdate\sqlite3Org.DLL

Filesize
785KB

MD5
3a89c2b9c825fb691337646bb5763a5a

SHA1
d7a1dc4011847bee8644209aba2519c81b0d36db

SHA256
10b8d7caf2e755f1a2aa04c2cfd67dced62764e48d1f171243a6fd66ec116d74

SHA512
fa6724a0c4a0fb75b2556d55507f2e0f2cec0d53a094384afed62268902564edd8ae76fe0ef5b8a824294d0829565057cd97457fbdabb26e44e9db99307b0a07

Download Submit
\Users\Public\AppUpdate\HWBoxDockLaunch.exe

Filesize
1.2MB

MD5
1d1d76cf0d1fee276e85fd86f25fef10

SHA1
ef18778e2474f1403ff6680d4cbff45aa03cf801

SHA256
0911b0fefb3f732adda841eeb4fd64938d2d595eda8e39ed255ce5905a212455

SHA512
26bb3cf4db9af067da2d1a9942e108018f9a793f3da098ce443cbc23a485d91ac64c6d30d34fb1b97924a58a07b6985c585e46e6612799ea14de91658b93ecb8

Download Submit
\Users\Public\AppUpdate\HWBoxDockLaunch.exe

Filesize
1.2MB

MD5
1d1d76cf0d1fee276e85fd86f25fef10

SHA1
ef18778e2474f1403ff6680d4cbff45aa03cf801

SHA256
0911b0fefb3f732adda841eeb4fd64938d2d595eda8e39ed255ce5905a212455

SHA512
26bb3cf4db9af067da2d1a9942e108018f9a793f3da098ce443cbc23a485d91ac64c6d30d34fb1b97924a58a07b6985c585e46e6612799ea14de91658b93ecb8

Download Submit
\Users\Public\AppUpdate\sqlite3.dll

Filesize
1.9MB

MD5
a5066998f34071c7a8817506fad5a3e0

SHA1
80dc4caaeb3932cc522d542f2f4fb29cecc87056

SHA256
0786fdea508dd584258c9367ddde40c8c9cb180e42802142d143459498a086ec

SHA512
e0caec10b5316814c1fe1bd770837ec7d8d6d94a85d1b54f9d6a9bddde3ebc4c558bf16da1c723cb0aa0f1230a5826812e235d9b5a92f0e585e2a6a20981b0c1

Download Submit
\Users\Public\AppUpdate\sqlite3.dll

Filesize
1.9MB

MD5
a5066998f34071c7a8817506fad5a3e0

SHA1
80dc4caaeb3932cc522d542f2f4fb29cecc87056

SHA256
0786fdea508dd584258c9367ddde40c8c9cb180e42802142d143459498a086ec

SHA512
e0caec10b5316814c1fe1bd770837ec7d8d6d94a85d1b54f9d6a9bddde3ebc4c558bf16da1c723cb0aa0f1230a5826812e235d9b5a92f0e585e2a6a20981b0c1

Download Submit
\Users\Public\AppUpdate\sqlite3org.dll

Filesize
785KB

MD5
3a89c2b9c825fb691337646bb5763a5a

SHA1
d7a1dc4011847bee8644209aba2519c81b0d36db

SHA256
10b8d7caf2e755f1a2aa04c2cfd67dced62764e48d1f171243a6fd66ec116d74

SHA512
fa6724a0c4a0fb75b2556d55507f2e0f2cec0d53a094384afed62268902564edd8ae76fe0ef5b8a824294d0829565057cd97457fbdabb26e44e9db99307b0a07

Download Submit
\Users\Public\AppUpdate\sqlite3org.dll

Filesize
785KB

MD5
3a89c2b9c825fb691337646bb5763a5a

SHA1
d7a1dc4011847bee8644209aba2519c81b0d36db

SHA256
10b8d7caf2e755f1a2aa04c2cfd67dced62764e48d1f171243a6fd66ec116d74

SHA512
fa6724a0c4a0fb75b2556d55507f2e0f2cec0d53a094384afed62268902564edd8ae76fe0ef5b8a824294d0829565057cd97457fbdabb26e44e9db99307b0a07

Download Submit
memory/828-81-0x0000000000400000-0x000000000053E000-memory.dmp

Filesize
1.2MB

Download