d747f76dac8d9defd7160471bf7bab4a64c4fb9e00067cbe8c0a21e988739639

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 10:10

Target

hitpaw-voice-changer.exe
Size

2.8MB
MD5

05f2edb8621e49275e0029c6754b942d
SHA1

f0ae6cafded1bf60c70e5050f6d2a6ad1b13d8a8
SHA256

90279b02d3afb48d50d70201ae740daa2761d0d3f06fd60c4db8690d9ba586fe
SHA512

d671c29d44edf247b6bead6f5a9c61fa76adb4839d8506a5b6a1faf72b97a085af13811c21555e3a08a8d9bcc3a8acc4b228cba3eedf9a2ff93fc28763e46ec9
SSDEEP

49152:RBfoNtu1abLX7EzIZdMOo305WebRyyfdEGUYcz57GO00Bx0KY8D2kwU3st0sUZ:RBfBSH9Ro305WeFyyfdEHYoyGBhpD2kN

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral8/memory/1444-0-0x0000000000400000-0x000000000096C000-memory.dmp	upx
behavioral8/memory/1444-4-0x0000000000400000-0x000000000096C000-memory.dmp	upx

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

C:\Users\Admin\AppData\Local\Temp\hitpaw-voice-changer.exe
"C:\Users\Admin\AppData\Local\Temp\hitpaw-voice-changer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1444

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1444-0-0x0000000000400000-0x000000000096C000-memory.dmp

Filesize
5.4MB

Download
memory/1444-4-0x0000000000400000-0x000000000096C000-memory.dmp

Filesize
5.4MB

Download