cf71096cf900fffd4aace88078510b4940bf95b93416b12d5e5f620cf02bc5c0

Analysis

max time kernel
129s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HD2018 V1.0.11.exe
Size

77.9MB
MD5

6748be5db315596d6daea1feaf4aa9e9
SHA1

5a39f05e39705aed90ea14e645489144ff038fc2
SHA256

cf71096cf900fffd4aace88078510b4940bf95b93416b12d5e5f620cf02bc5c0
SHA512

b4eb963913a34b22b84f5461d13809d842b010f4fa9c409b08c52dce25566861e6bd8e88f046082302a9b817eb0551f3e52d7ea85af6052650568993a7a1d120
SSDEEP

1572864:fc+fiKUo/A1DuRf07weox9JLK2mfA1k/bZtN7nUIvzGpcsDvRtTl:fcLo/AIRf07Q9ZqfTTZtKQCpc4RtTl

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1852	HD2018 V1.0.11.exe
1852	HD2018 V1.0.11.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1852	HD2018 V1.0.11.exe

C:\Users\Admin\AppData\Local\Temp\HD2018 V1.0.11.exe
"C:\Users\Admin\AppData\Local\Temp\HD2018 V1.0.11.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoC1CC.tmp\ioSpecial.ini

Filesize
679B

MD5
19444c1e54ab7806ddd6c8c47378944c

SHA1
ec04ff044c65a5710372678032e28661ac788f58

SHA256
78e4d1974865b4680adbfa03c1e82996bcccc289f8d0cffca8d7da74abaf29c0

SHA512
e724f1d0e370a0f17643b58c7ee22e0dcd5f4b1a6c38a24081c7123e4f8051f7ae05e7ad2c3d66b791a5743f122e444b319dc96c71471f8544ca0f6340c053d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsoC1CC.tmp\InstallOptions.dll

Filesize
14KB

MD5
8d5a5529462a9ba1ac068ee0502578c7

SHA1
875e651e302ce0bfc8893f341cf19171fee25ea5

SHA256
e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790

SHA512
101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

Download Submit
\Users\Admin\AppData\Local\Temp\nsoC1CC.tmp\LangDLL.dll

Filesize
5KB

MD5
77ff758c10c66937de6d86c388aa431c

SHA1
14bd5628eaf8a12b55cd38f9560c839cb21ce77a

SHA256
6a033e367714ec0d13fca0589c165bdbf4d1dac459fa7ec7415815223fa3c008

SHA512
319837951be276a179ead69efcd24bd7566061abc7997ea782af50bd4b0d69e5ec1a6e4cdeb2825bafedf87edf03380396b7bcf58682b6a3a824c8dc4b966bda

Download Submit