Overview

overview

3

Static

static

3

Hoic.rar

windows7-x64

3

Hoic.rar

windows10-2004-x64

3

Hoic/DUTCH...OM.txt

windows7-x64

1

Hoic/DUTCH...OM.txt

windows10-2004-x64

1

Hoic/Dutch...m.hoic

windows7-x64

3

Hoic/Dutch...m.hoic

windows10-2004-x64

3

Hoic/Gener...t.hoic

windows7-x64

3

Hoic/Gener...t.hoic

windows10-2004-x64

3

Hoic/butto...ns.rar

windows7-x64

3

Hoic/butto...ns.rar

windows10-2004-x64

3

buttons/4add.png

windows7-x64

3

buttons/4add.png

windows10-2004-x64

3

buttons/6266.png

windows7-x64

3

buttons/6266.png

windows10-2004-x64

3

buttons/666.png

windows7-x64

3

buttons/666.png

windows10-2004-x64

3

Hoic/butto...dd.png

windows7-x64

3

Hoic/butto...dd.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...mbs.db

windows7-x64

3

Hoic/butto...mbs.db

windows10-2004-x64

3

Hoic/butto...dd.png

windows7-x64

3

Hoic/butto...dd.png

windows10-2004-x64

3

Hoic/butto...d2.png

windows7-x64

3

Hoic/butto...d2.png

windows10-2004-x64

3

Hoic/butto...d3.png

windows7-x64

3

Hoic/butto...d3.png

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2023 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hoic/buttons2/buttons.rar

  • Size

    59KB

  • MD5

    7d7495cdeb9b52f12d32460027782d0d

  • SHA1

    08c5ff013f5d0469a941bc3e3bc5446270d3f3ba

  • SHA256

    99344a350f7f78dee7b1e31d018a53ffc8b574271a78b35c0f8abfa2f804bd9a

  • SHA512

    b36a9f3b6cfd0c2c09901cefdca82d56bcc7727da4fa98c81877b341c187a4f54d7a3a282201f39cf3a6f2eccd5fd78921c476f9268c31612579d876a30c3f4b

  • SSDEEP

    768:p357+O35A351rJJ+35BA35J35Q+H35Zg35zbKD35hG35UD35k35hZPl635mjL35l:qNJ8SOQEPl5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Hoic\buttons2\buttons.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Hoic\buttons2\buttons.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Hoic\buttons2\buttons.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1764

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1764-83-0x000000013FFB0000-0x00000001400A8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1764-84-0x000007FEFAED0000-0x000007FEFAF04000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1764-85-0x000007FEF62F0000-0x000007FEF65A4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1764-86-0x000007FEFB140000-0x000007FEFB158000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1764-87-0x000007FEFAEB0000-0x000007FEFAEC7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1764-88-0x000007FEFAE90000-0x000007FEFAEA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-89-0x000007FEFAE70000-0x000007FEFAE87000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1764-90-0x000007FEFAE50000-0x000007FEFAE61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-91-0x000007FEFABB0000-0x000007FEFABCD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1764-92-0x000007FEF6730000-0x000007FEF6741000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-93-0x000007FEF5EC0000-0x000007FEF60C0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1764-94-0x000007FEF4BC0000-0x000007FEF5C6B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1764-95-0x000007FEF66F0000-0x000007FEF672F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1764-96-0x000007FEF62C0000-0x000007FEF62E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1764-97-0x000007FEF66D0000-0x000007FEF66E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1764-98-0x000007FEF6260000-0x000007FEF6271000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-99-0x000007FEF6240000-0x000007FEF6251000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-100-0x000007FEF4400000-0x000007FEF4411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-102-0x000007FEF43C0000-0x000007FEF43D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-101-0x000007FEF43E0000-0x000007FEF43FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1764-103-0x000007FEF43A0000-0x000007FEF43B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1764-104-0x000007FEF4320000-0x000007FEF4350000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1764-105-0x000007FEF42B0000-0x000007FEF4317000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1764-106-0x000007FEF3D60000-0x000007FEF3DCF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1764-107-0x000007FEF3D20000-0x000007FEF3D31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-108-0x000007FEF3CC0000-0x000007FEF3D16000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1764-109-0x000007FEF3C90000-0x000007FEF3CB8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1764-110-0x000007FEF3C60000-0x000007FEF3C84000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1764-111-0x000007FEF3C40000-0x000007FEF3C57000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1764-112-0x000007FEF3C10000-0x000007FEF3C33000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1764-113-0x000007FEF3BF0000-0x000007FEF3C01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-114-0x000007FEF3BD0000-0x000007FEF3BE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1764-115-0x000007FEF3BA0000-0x000007FEF3BC1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1764-116-0x000007FEF3B80000-0x000007FEF3B93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1764-117-0x000007FEF3B60000-0x000007FEF3B72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1764-118-0x000007FEF3A20000-0x000007FEF3B5B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1764-119-0x000007FEF39F0000-0x000007FEF3A1C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1764-120-0x000007FEF3830000-0x000007FEF39E2000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1764-121-0x000007FEF37D0000-0x000007FEF382C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1764-122-0x000007FEF37B0000-0x000007FEF37C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-123-0x000007FEF3710000-0x000007FEF37A7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/1764-124-0x000007FEF36F0000-0x000007FEF3702000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1764-125-0x000007FEF34B0000-0x000007FEF36E1000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1764-126-0x000007FEF3470000-0x000007FEF34A5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1764-127-0x000007FEF3440000-0x000007FEF3465000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1764-128-0x000007FEF3420000-0x000007FEF3431000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-129-0x000007FEF33B0000-0x000007FEF3411000-memory.dmp

    Filesize

    388KB

    Download

  • memory/1764-130-0x000007FEF3390000-0x000007FEF33A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-131-0x000007FEF3370000-0x000007FEF3382000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1764-132-0x000007FEF3350000-0x000007FEF3363000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1764-133-0x000007FEF32B0000-0x000007FEF334F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/1764-134-0x000007FEF3290000-0x000007FEF32A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-135-0x000007FEF3180000-0x000007FEF3282000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1764-136-0x000007FEF3160000-0x000007FEF3171000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1764-137-0x000007FEF2FE0000-0x000007FEF3158000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1764-138-0x000007FEF2FC0000-0x000007FEF2FD7000-memory.dmp

    Filesize

    92KB

    Download