Overview

overview

7

Static

static

1

httrack_x6....2.exe

windows7-x64

7

httrack_x6....2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2023 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    httrack_x64-3.49.2.exe

  • Size

    4.3MB

  • MD5

    2e1d04910dfaa3170b66b94b9d44d56a

  • SHA1

    019b8b956910529218e92f2a92b14cd159e82095

  • SHA256

    ce12f0e0cd3a3807463c8c538808d613798b11d961a94eabf0ba9d67851106f3

  • SHA512

    ebf16f8d687b4dd409cf8d5ef912623161a0b2023c345d319b93ded02e5d2e5acc4cd8d8b9615a2d2b60493591a4faa5559e9f24bc994b46413d0a10dc85931d

  • SSDEEP

    98304:70YG38ZLNIgYD36wDnXpDrmAIjd7p/sFFbOoFc/0kBtLCO3u4Sn46xoVuJ78J+zK:8WAAb0r5mQd5dx8

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 19 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\httrack_x64-3.49.2.exe
    "C:\Users\Admin\AppData\Local\Temp\httrack_x64-3.49.2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Users\Admin\AppData\Local\Temp\is-O0V6D.tmp\httrack_x64-3.49.2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O0V6D.tmp\httrack_x64-3.49.2.tmp" /SL5="$501CA,4225024,60416,C:\Users\Admin\AppData\Local\Temp\httrack_x64-3.49.2.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:4128

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinHTTrack\WinHTTrack.exe
    Filesize

    667KB

    MD5

    1222165410734db4a128e0b6f37eb89c

    SHA1

    557d871d9f3cbe79d3b2b872e17f780c5fbe2638

    SHA256

    d37cc42bd29ff5046097dca847967f59a6a1625829cd6dfac387bdc4134f48a6

    SHA512

    8ba4b7114b7ae6566251ae287f6789335a65699da050be57c95e5421723162d088ea464ca56969d640de35330457f42868888d4f8d3767e651a5cdf9f0b5e339

    Download Submit

  • C:\Program Files\WinHTTrack\html\is-UNBGR.tmp
    Filesize

    5KB

    MD5

    d00cb59eb5e64e6fd3ffc10962c8e114

    SHA1

    bb55e0ad538a9cde7556f9794ebc3a0f74a1402c

    SHA256

    eff26868a40711316674c7889982a1c8442cc5d2aeb18422b56cf16be9566a04

    SHA512

    76ba275b71cd1bdca676575c1a1c8aae99f74e9d9dc759ce0a785fabedc111fc4b0c287ad1430a4768ca5d67510327eabdf10d9e1222eb0768df3fd3872ee4bd

    Download Submit

  • C:\Program Files\WinHTTrack\src_win\InnoSetup\is-GOR02.tmp
    Filesize

    1KB

    MD5

    f93e24fd6a95d2489d5db275add84d2a

    SHA1

    624fac7c36c2f90aa432d75b603e0baa79a53654

    SHA256

    d62ddb7ae57b89ba7fb237ba9aa7fefa2c59d764be3840be026cd5e12fe410b6

    SHA512

    cc264a926d42b113c66dead4ef7831461866b1f72be2b0dd7c85de07e051f7577af1f052ddd6026983d3f171c6989cd9bd69b3ad947d9064f9f346248ac569d9

    Download Submit

  • C:\Program Files\WinHTTrack\src_win\WinHTTrackIEBar\is-9NJR4.tmp
    Filesize

    34KB

    MD5

    3c34afdc3adf82d2448f12715a255122

    SHA1

    7713a1753ce88f2c7e6b054ecc8e4c786df76300

    SHA256

    0b383d5a63da644f628d99c33976ea6487ed89aaa59f0b3257992deac1171e6b

    SHA512

    4937848b94f5b50ea16c51f9e98fdcd3953aca63d63ca3bb05d8a62c107e382b71c496838d130ae504a52032398630b957acaea6c48032081a6366d27cba5ea9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-O0V6D.tmp\httrack_x64-3.49.2.tmp
    Filesize

    701KB

    MD5

    be92b50bf16f68e185df0ad85936ee03

    SHA1

    11fd2a8cb8744540dd5257f7a9f22aa2c7bb4de3

    SHA256

    8114cfc2b266a56c9a98911a5efa603e967838227b519f35e573182e49470b16

    SHA512

    c24f552de5136bb9f8836b26d9690534b6ee23a1d9cfc4099c1a9681a57358221613d00b595f05a7b278c42b1efa747259700b35d7e056dee38e45905f2fbe55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-O0V6D.tmp\httrack_x64-3.49.2.tmp
    Filesize

    701KB

    MD5

    be92b50bf16f68e185df0ad85936ee03

    SHA1

    11fd2a8cb8744540dd5257f7a9f22aa2c7bb4de3

    SHA256

    8114cfc2b266a56c9a98911a5efa603e967838227b519f35e573182e49470b16

    SHA512

    c24f552de5136bb9f8836b26d9690534b6ee23a1d9cfc4099c1a9681a57358221613d00b595f05a7b278c42b1efa747259700b35d7e056dee38e45905f2fbe55

    Download Submit

  • memory/620-134-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/620-145-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4128-140-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4128-150-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4128-148-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4128-147-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4128-1239-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download