Overview

overview

8

Static

static

3

hmpalert3 ...ed.exe

windows7-x64

8

hmpalert3 ...ed.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2023, 14:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    hmpalert3 pre-patched.exe

  • Size

    5.1MB

  • MD5

    f464b6682a1a1fdf145a63b866ac203c

  • SHA1

    622ab6cf9a0a7087796204151e327f93fd7955ba

  • SHA256

    62d20fdc2a6c018b6a25cbb3882290d1ea6ea207517e0af717a46254e321f16f

  • SHA512

    9d18540b545d4dcdb8bea83f88aa52d205338fd831ea37e90caca07087a768e83241952cf887ed372e53f8dcddce8c53f53e97d369fb5710656db4fb1a4605d7

  • SSDEEP

    98304:BOpFgn78Y6ZdzlDr8gBhvioUxJtJKnjyLJ79AZBeqFYe:BOpNblDkoeYu1JMeO

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hmpalert3 pre-patched.exe
    "C:\Users\Admin\AppData\Local\Temp\hmpalert3 pre-patched.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Registers COM server for autorun
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:2832

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Program Files (x86)\HitmanPro.Alert\hmpalert.exe
          Filesize

          5.1MB

          MD5

          f464b6682a1a1fdf145a63b866ac203c

          SHA1

          622ab6cf9a0a7087796204151e327f93fd7955ba

          SHA256

          62d20fdc2a6c018b6a25cbb3882290d1ea6ea207517e0af717a46254e321f16f

          SHA512

          9d18540b545d4dcdb8bea83f88aa52d205338fd831ea37e90caca07087a768e83241952cf887ed372e53f8dcddce8c53f53e97d369fb5710656db4fb1a4605d7

          Download Submit