47860a9fc79ccc30b4eb83f3b261ca694f9af857d164990f5f60dfa5d61f0cd4

Analysis

max time kernel
131s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2023, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe
Size

178.5MB
MD5

b95b49ef107b1ef9d8c8d398b763806e
SHA1

3004c6efd3208a454aba293f2bd497f4102edb38
SHA256

47860a9fc79ccc30b4eb83f3b261ca694f9af857d164990f5f60dfa5d61f0cd4
SHA512

e8d1d8749cb0159a97f70e64ac61204aa8c7d77c3b0ecdc74cce4f5bcf1661171ed4e5182ac4a9dd1630b9953a9e8dfb5204340cd040d4a0fa31f3d434898c45
SSDEEP

3145728:9IDXZbQiGvTHt3z8P4HgpywUxModnFBr7+Mem7gRKzc1WebwQxW9iJxd:9AXSik5fHI3UyodFp+Mem7gQI1WebwMV

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe

Executes dropped EXE 1 IoCs

pid	Process
116	Setup.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\7zS39E2\Autorun.inf	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zS39E2\Autorun.inf	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zS39E2\autorun.inf	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
116	Setup.exe
116	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 116	2892	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe	100
PID 2892 wrote to memory of 116	2892	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe	100
PID 2892 wrote to memory of 116	2892	HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe	100

C:\Users\Admin\AppData\Local\Temp\HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe
"C:\Users\Admin\AppData\Local\Temp\HP-Photosmart-C4480-Full-Feature-Drivers-and-Software-for-windows-8-8.1-and-10.exe"
1⤵
- Checks computer location settings
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\7zS39E2\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS39E2\Setup.exe" /webpack
  2⤵
  - Executes dropped EXE
  - Drops autorun.inf file
  - Suspicious use of SetWindowsHookEx
  PID:116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS39E2\Setup.exe

Filesize
556KB

MD5
091127f2b1eccbdcb8cf84082e575cc8

SHA1
a5020dc000ea1e0b4d3a736e7491f122432933df

SHA256
c773df6dae8993d69a9d1ebc8b694b5136451db7bd7ac6a2b5d0307d3b13f33c

SHA512
89522902953d12ff3b18469587f5bccf3a63acc75a53026bf1231cde0365ff50eb43ea9fc4ddf6fb29aef0aeddecd51d25421fb3ca851e1c1349af4f3f7fff11

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\Setup.exe

Filesize
556KB

MD5
091127f2b1eccbdcb8cf84082e575cc8

SHA1
a5020dc000ea1e0b4d3a736e7491f122432933df

SHA256
c773df6dae8993d69a9d1ebc8b694b5136451db7bd7ac6a2b5d0307d3b13f33c

SHA512
89522902953d12ff3b18469587f5bccf3a63acc75a53026bf1231cde0365ff50eb43ea9fc4ddf6fb29aef0aeddecd51d25421fb3ca851e1c1349af4f3f7fff11

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\Setup.exe

Filesize
556KB

MD5
091127f2b1eccbdcb8cf84082e575cc8

SHA1
a5020dc000ea1e0b4d3a736e7491f122432933df

SHA256
c773df6dae8993d69a9d1ebc8b694b5136451db7bd7ac6a2b5d0307d3b13f33c

SHA512
89522902953d12ff3b18469587f5bccf3a63acc75a53026bf1231cde0365ff50eb43ea9fc4ddf6fb29aef0aeddecd51d25421fb3ca851e1c1349af4f3f7fff11

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\autorun.inf

Filesize
467KB

MD5
eb68f03c70a768a53d337631f1822094

SHA1
ff20ce9dd739155a7768b40aa770b7af13c73973

SHA256
dc3ae4fe3d3458aad94f6f84faea747d637b55eba9cac2892f97c69bc701da08

SHA512
371557f10e30269032db7f934b5ecd7ff3803b9597b90b27da4d0eba01b18b19bca270687146a8972d32932a2c75612200e01ff7f311dcb0b224a9bf6c8eb7a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\dot4_amd64\dot4.cat

Filesize
93KB

MD5
d48286e6df3cfd5c2996a63ddda810ee

SHA1
482d4c259103c35623d7caf1823179a9c68b7c89

SHA256
b23097ae18b573b8717593f2cfd972102408382e6629ba257ecc82ef84524c1f

SHA512
1864c25f2f250c032499120f88fc4cc989ab7d0302be9e18892342bf59401d1cee1c1608f3bafe0e0263c8d39d5a85f8d1f2b2a14a6a446ebe2b8b089672b287

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\hpomdl29.dat

Filesize
608B

MD5
abcebb2735accd296eb7d89ac2c8a1a6

SHA1
8f2ff24f11f376e08e13e9a7f1a00ce11a659f0a

SHA256
8f37f563c0bd0e77ed58e0956a0d9783a0b354b96adbd4fa98d127cff64a4eba

SHA512
a16735b6981016ac84b933d717077610ace603e2fb019878c468f0a105258864ad6c030aef5ba5ee3b0301187fc88e179d47b4ccd01db7dc256e314b920cc8ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\images\CountryRoad2.jpg

Filesize
47KB

MD5
4424b560e6104936f2e628ad2c53f5cf

SHA1
ac68d1c0844a6d0f711d2d7feea3a6637e85f4e9

SHA256
efe8a9aaab8220cc107d44367d4032c66eba27cbd9d6cf1dada6a4b9b6bcbd35

SHA512
eadcadc1baad82c71e7f76cef4eec4f4581d8b99e14002528e11bf24da1935a3a44b17faadb83b7a31709093b8b99435a62e6330f6c2ffca5c89d155f451b26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\images\hplogo.jpg

Filesize
2KB

MD5
a09fee285996462cdd2881459ebcacbb

SHA1
c61e4cb8ef772253558f542e37b98b25e78c82b7

SHA256
5a16e3312b239a689bca74f5c4fb4be5d1bbbeef168fecea6f9e0602ebceb323

SHA512
06a3b8d641cc8d9801c80fc903d4e64e3585c0804cef11127751fe05a48445490f37ab177d89f0f6a769ebc4d7160f5f6cf9642496b8b95084b199e6cc947e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\setup\networktutorial\plk\NameTag_small.gif

Filesize
2KB

MD5
09a448910669a9b62e1d61adfc663bf8

SHA1
aff8bc94ef4629681beec24e76bac970f0df7d91

SHA256
2f0bfc1bcdd75f4254e9c9be117f2bb00c41c7b1a4fd7aaa52e8c46b2abf1ecd

SHA512
0feaff546cc727042a59f2d82872e59afe5f68e3c6e46ec6e1b2537478755960acf61379bd32f42bf413c3a005a65c7a38b0507f1f95b82563eb5570c08fd8a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\setup\networktutorial\plk\Router_waves.gif

Filesize
763B

MD5
210404a27c7dcf87eb92fc3f4d4c490e

SHA1
066835cbb35404143a5ad56ea01e3831243fcedf

SHA256
02f394292399844fdfaff2140888b220ddd8307f9da852b72a572fea75c42b88

SHA512
5c06ef99c02def1eff010f72d8934a2fba9fafc85cd7925148b3ae1f3f53f405029aa7338711d4e3c483efffc438ca22abd01b396b1c3b74c0f621c1f69c9a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\setup\networktutorial\plk\Router_waves_pcs.gif

Filesize
1KB

MD5
defaa9f333213dd8500a18fed731c177

SHA1
2866d5007e13d6e7bce597b40c93615d32170184

SHA256
f9b4d531bbb5119a97015578f1492a281c44d087885cf0b761b9ff522b5e43a6

SHA512
22db8f6e352dda0a23622c64bdbaa3abe902cb9db68fd9f0f353a2530458e4bb0171e7413ba106219733e90d12440a24601ad1cc3e4d7d46412826be5d035d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS39E2\setup\networktutorial\plk\SecurityGate.gif

Filesize
4KB

MD5
de3f65a5656a2ca20fb7e70993ed413c

SHA1
c4f1b8ddb950dfcfbd617e89b950f4a158e464b4

SHA256
6f9249e8a43a65542919b81fb6ad3ec1627c2588c655f02032e805de9667e61d

SHA512
b3af08a1c19bab9d5f66ea99074803dd5e51d246729ddc7e608083218c4d4ef83ca20bdf1aa633db677abe650ad38e067ce5d14e23b8e074d65d99f0049c11f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads