Overview

overview

7

Static

static

3

H90490861252¬F.exe

windows7-x64

7

H90490861252¬F.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2023 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    H90490861252¬F.exe

  • Size

    667KB

  • MD5

    f4ebd2a2d0ff857cca296b6d868e94b0

  • SHA1

    e284b010ec634795cfe4da2cb4ea376480fdb6d4

  • SHA256

    3994c8e0aecd846d4745bee253585ab2787b6b5fe80ccac607dada63db1b4177

  • SHA512

    11811a3f7c67c279f754f4202c4c24cad8d2953b0863bb2663019b3d5ca966e605dad567241e88cdd4905aba3e5b8243292a8e74c68d8805e6d228df17c5f828

  • SSDEEP

    12288:Rgi0cO/aRB7kBfqQqVw2yJ5rcQm6dTxqooWjrARw75WSaLpG/4YBZRyIL9oI0+Ip:6i0vTcSaLpG/4AZfBT0+Ip

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\H90490861252¬F.exe
    "C:\Users\Admin\AppData\Local\Temp\H90490861252¬F.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\HPxPQX.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1960
      • C:\Windows\system32\cscript.exe
        cscript C:\Users\Admin\AppData\Local\Temp\aZxT.vbs
        3⤵
        • Drops startup file
        PID:984

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HPxPQX.bat
    Filesize

    572B

    MD5

    8bc5bc3ffb3fa90489338dee154c15a6

    SHA1

    9e3f1fadc136dabeb7e9b48c6c47aacfd0162d66

    SHA256

    f4df0a1c9b2775a1bb8c424395b308a29039f9cf7d8cb663c9b6e72aa9019694

    SHA512

    7d82accf085ba19b44bc65450c984e3bb1ad539224e415eaf1d995aef4f100f36df243d958151e703f65ae4881565bf02121f586aea2b6700bd724b61bac7f5c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\aZxT.vbs
    Filesize

    271B

    MD5

    5ce0f12071b6b3b26e3c509bfdad675f

    SHA1

    c8c8b32dcb42717d224061db1ef482af14af6a94

    SHA256

    7ec3b9436b8ff2365d6d12fee8a3e2b2f470118e68af63da434c3164a03ba36f

    SHA512

    61312aa51e591af558b15599536473e43d8af4eb8ef1dcf6bce552f7b128c61474c62c4434812ae773aff86590b6b36ffda11e69c3d3eb88464fe1062d497cb7

    Download Submit