d280e0a6db084523ad1bd21f1e2d790a05601769b17069e843f21efc087e7dba

Analysis

max time kernel
330s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hesi Wizard.exe
Size

10.9MB
MD5

bf3c451756a43859171f52ee6cc4c6bb
SHA1

1cdf792c9eefca3ffe1e4ffb3d71dd3d4ac2fa77
SHA256

d280e0a6db084523ad1bd21f1e2d790a05601769b17069e843f21efc087e7dba
SHA512

90e995cf73bdfe5138abfbcc1271712b412fadc839ac65ad01d2a1dadb8cd2ca794dbd1e1a0ee13951b350529050f7f9dfd993f5279cb7d0843c79bf66a71dec
SSDEEP

196608:Tan+8cRlEZWvO355TEbcRXfQVH2RSWsQPQJvCvHm9EVi9RGUiaWMxdT+Q46A/d7:Ta74qZGA5ZEiQVH2wxQjHmuiTz5jxRxt

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4808	Hesi Wizard.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4808	Hesi Wizard.exe

C:\Users\Admin\AppData\Local\Temp\Hesi Wizard.exe
"C:\Users\Admin\AppData\Local\Temp\Hesi Wizard.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\presets\Checker123WeatherSuite.ini

Filesize
5KB

MD5
e95c4091280fe1a2700dbbd699594f60

SHA1
42996e1f78d0808364f70bd88fbf8ea3238a56c0

SHA256
d80cdae9d5085171dfebe8acde843dc8452140e3c1fc49a4409ff0c3a10aafc1

SHA512
a454fb077a53c31df94205c110d336e0b76a7f09feb6691edc68634fcd41aad91452116aefb804fe06cc609852d08f32e93595016a1b5661cf97447f98c5e854

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\sol_lib\sol_Dialogs.py

Filesize
12KB

MD5
1ee0b946fe01ddb986e72c8f1be04233

SHA1
e5605c198b463404a6bc0760b0b2f898451777fd

SHA256
24b68203dea986b61dc5f6508601e3cd2f1716b305c60cf4617d79947c600116

SHA512
b41644ff3b7469b5d7afc258d69be93a0d67b7c75e17a131f824ca3cdc3f939e7e08b6e988f0f2ca4db5e10a99629217e44c4ee3bdbe3a7767ac662ae34ba702

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\sol_lib\sol_Stellar.py

Filesize
5KB

MD5
4bf4bf875400761b80c5861fe9b9b222

SHA1
2d578d09b0db8d3e35ba4397421bf6be3a83fb05

SHA256
5eb2c230a2338464f7d919eafcf4e365fa4050c0707b120c81ed29b7e1167521

SHA512
c7f0de03c8e71a3fd0b6c627ab3b781dbfe39090a2c0ec2e5846d109d26528968f55049869b03d36eb555a3802015fd584bbd6ab75ef33af6978e8f7c16f808a

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\sol_lib\sol_UI.py

Filesize
45KB

MD5
a95b32b298d91d1dd3e1540709a5d00d

SHA1
44ea18f0917dd36cd266a9142526fbebbad5da32

SHA256
073c38c979b24ff9e86e456afbd0c1eb7d1e2f7ff83ebf6ec3e4bb4f9febcd98

SHA512
7a57e45c660877c83eb1aca717949b5de13369b6864a06f381ea302e7ce658e0e13e0feb5c3f444d23c2b292565d60235a67d3b3ab99cd65c711e78ec3b04cb3

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\sol_lib\sol_interface.py

Filesize
10KB

MD5
26e4d401f7aa202ab784f2810c9fabb0

SHA1
b27d4ff193dd6e32c5c0d5a330cec40e125aaa27

SHA256
1a8b82b1745befa9e8f2d101a5feab6c159cb1f6ab2c5fc337d86d677c86cf3b

SHA512
c28acad5dc5f8a69ce8a90571a6009b6df45236c1cf054f7202376529239c3076e0af001da5871aeb74a8472af806c882a0b5fd78d742b19efc92c2569de3834

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\stdlib64\_ctypes.pyd

Filesize
105KB

MD5
db00409e98d259e16986abb4afc2a02c

SHA1
5ad508dd1a648121d8ac0237aa82f39ee2bef671

SHA256
a5c393c03d48430e74768de97e0b1598fa087f624fb5b142a567a3e54e2ed853

SHA512
fe490dc682264753b27e97ed28f9897f176e3ec55bcea5f6b37dbbb5696f79f236c6eda2cdfa653f3e9e8c762fdd61a4adb53fb7c45fa3fd95892110676ce51c

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\apps\python\sol_planner\stdlib\_ctypes.pyd

Filesize
83KB

MD5
ae4ab1a5baae8106a95e1c24518b22c1

SHA1
07429ff9f0400a6e89a115877c0f429cdea4cbc7

SHA256
f11597b472fa10bb7c3b85a99dd7870f063963a55740fa01d07f875b49efd328

SHA512
4bcbb88cf5b956f87dfacf67bf049fbafec38bcf093e37b0d5a9816b612263ce50c0682bbbdcb7d8a667de7c6ef127e03c00e5669ac08ce101805007cbd6c961

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\content\weather\sol_04_windy\colorCurves.ini

Filesize
273B

MD5
8ff151a369eddf6dda30a0b009840c5b

SHA1
955edcc6c4efc8df3d748e4756aee842572109b6

SHA256
fd43a03364dbd3ba22f6676d2de28da0fed556ce8e9c49975502467f6518a47a

SHA512
836ac9dead95e541390ce6932a4e1c8d93b56ae9e345b1c06401d137de6ea517e86f3e1229f94e004115ddf45aeb17abaef19e94a7ac026f5e8afa588ac4081c

Download Submit
C:\Users\Admin\Desktop\Sol\Sol 2.2.9\extension\weather\sol\clouds\2d\strato\s2_eco.dds

Filesize
4.8MB

MD5
bf87ef2fdc7cff63427318dc79412516

SHA1
415eea5e2d709ac77aa43533d5283183d5eec526

SHA256
0df0487c93e2a7a4f1e85c512c66de98d91dac85c91f49f4458c358606e95c57

SHA512
9a7d19d14b70bd85f20329c6a40b37dd737c85650d70e7b239bdc5fff8fe10d60e4e2a7b306483dac5f15a0d46954e33401217a0ec9c3e508364d915e5f64f9e

Download Submit
memory/4808-141-0x0000000074900000-0x00000000750B0000-memory.dmp

Filesize
7.7MB

Download
memory/4808-153-0x0000000007A00000-0x0000000007FA4000-memory.dmp

Filesize
5.6MB

Download
memory/4808-144-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-145-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-146-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-147-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-148-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-149-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-150-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-151-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-152-0x0000000006300000-0x0000000006400000-memory.dmp

Filesize
1024KB

Download
memory/4808-143-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-154-0x0000000006300000-0x0000000006400000-memory.dmp

Filesize
1024KB

Download
memory/4808-156-0x0000000008150000-0x00000000081E2000-memory.dmp

Filesize
584KB

Download
memory/4808-142-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-133-0x0000000074900000-0x00000000750B0000-memory.dmp

Filesize
7.7MB

Download
memory/4808-140-0x000000000D3C0000-0x000000000D3C8000-memory.dmp

Filesize
32KB

Download
memory/4808-139-0x000000000D3B0000-0x000000000D3BE000-memory.dmp

Filesize
56KB

Download
memory/4808-138-0x000000000D3E0000-0x000000000D418000-memory.dmp

Filesize
224KB

Download
memory/4808-137-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-136-0x0000000009380000-0x000000000943A000-memory.dmp

Filesize
744KB

Download
memory/4808-135-0x0000000006160000-0x0000000006170000-memory.dmp

Filesize
64KB

Download
memory/4808-134-0x0000000000CA0000-0x0000000001796000-memory.dmp

Filesize
11.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads