Overview

overview

3

Static

static

1

hsbc_bis_p...VE.asc

windows10-2004-x64

3

Analysis

  • max time kernel
    256s
  • max time network
    259s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2023, 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hsbc_bis_prd_pgp_pub_key202302 - LIVE.asc

  • Size

    3KB

  • MD5

    c5c0e3af58419537c3a1f5b608ff0b22

  • SHA1

    ca20d90d152bdbe4af534c2db21245df91e68d4c

  • SHA256

    4da573fb67a7145f87539f1850985222560b3a61b5f4327e8d54b1c10eed67bd

  • SHA512

    02d6422591cf113dbc049e942f0583eddb52c3919bac64ac859c0bc0f07d66c9abbe8689a302c82d6ed8274808f5edac387d615f54b185eb18868c8379c1e612

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\hsbc_bis_prd_pgp_pub_key202302 - LIVE.asc"
    1⤵
    • Modifies registry class
    PID:3704
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3260
    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\hsbc_bis_prd_pgp_pub_key202302 - LIVE.asc"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/836-133-0x00007FF7FB710000-0x00007FF7FB720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-134-0x00007FF7FB710000-0x00007FF7FB720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-135-0x00007FF7FB710000-0x00007FF7FB720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-136-0x00007FF7FB710000-0x00007FF7FB720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-137-0x00007FF7FB710000-0x00007FF7FB720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-138-0x00007FF7F91E0000-0x00007FF7F91F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/836-139-0x00007FF7F91E0000-0x00007FF7F91F0000-memory.dmp

    Filesize

    64KB

    Download