Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    02/08/2023, 08:47

General

  • Target

    Hahza.exe

  • Size

    10KB

  • MD5

    b1553384deba6a98d1a0caa98468d0ee

  • SHA1

    f63e052ba7f25077d625f841241e2d2aa1ea7011

  • SHA256

    37840987b437459b8f5774cfd36eb5a271c61808ccfa5e4aa63b005db127f71a

  • SHA512

    807f89794347adbc82dac585656c62db9e0fd924e83ff7fffc28cd9f5f18c0859fbbc5c07c599fa41e40acd04bcb70651bd43714ffaf84b3c4a93bc7eba613a6

  • SSDEEP

    96:JG/woST6RfWsr/Kk+M1k4XpCiwe5KhBC14P3R8jleB/TA2ezNt:J6RfWsjv+M1k4XFw0Kva4P3Slc/R4

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hahza.exe
    "C:\Users\Admin\AppData\Local\Temp\Hahza.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2456

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/2456-54-0x0000000000D50000-0x0000000000D58000-memory.dmp

          Filesize

          32KB

        • memory/2456-55-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

          Filesize

          9.9MB

        • memory/2456-56-0x0000000000B00000-0x0000000000B80000-memory.dmp

          Filesize

          512KB

        • memory/2456-57-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

          Filesize

          9.9MB

        • memory/2456-58-0x0000000000B00000-0x0000000000B80000-memory.dmp

          Filesize

          512KB