Overview

overview

10

Static

static

7

2023.10.12.exe

windows7-x64

1

2023.10.12.exe

windows10-2004-x64

1

HipsMain.exe

windows7-x64

7

HipsMain.exe

windows10-2004-x64

7

HipsMain1.exe

windows7-x64

7

HipsMain1.exe

windows10-2004-x64

7

[local]loader.exe

windows7-x64

7

[local]loader.exe

windows10-2004-x64

7

[sus]aaa.exe

windows7-x64

10

[sus]aaa.exe

windows10-2004-x64

10

logsave.exe

windows7-x64

7

logsave.exe

windows10-2004-x64

7

福建省�...��.exe

windows7-x64

7

福建省�...��.exe

windows10-2004-x64

7

说明书.exe

windows7-x64

1

说明书.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    27-10-2023 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    福建省福州市闽运集团有限公司约巴定制巴士企划书.exe

  • Size

    1.8MB

  • MD5

    4013cafa7be58a15952fd1b924c2d598

  • SHA1

    7727b1966117978ea117483aacd70d91988f8310

  • SHA256

    32686b4e8ceba0cf5dbceba44392024633b750920f7aaf39d8ea14a1125049db

  • SHA512

    89798c698d7d7b9284d6d84cd1e5432d36445e23402a61604e26a3de0e2ac0ba53fa0a903fb3533bd831c73cae3a2e1f7b3706ef69ccf3441e6df08830e6f7c9

  • SSDEEP

    24576:5n8XoKkFkS+DMIxNrSkp9PPSYCKho+KuFJOgtwDB/LkiWdpw8cPYT2q9IVzr/XFs:n+IGFDP39olEO7OdpOYKH5pvE/nqxsl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\福建省福州市闽运集团有限公司约巴定制巴士企划书.exe
    "C:\Users\Admin\AppData\Local\Temp\福建省福州市闽运集团有限公司约巴定制巴士企划书.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\msedgewebview2.exe
      C:\Users\Admin\AppData\Local\Temp\msedgewebview2.exe -wegame
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\msedgewebview2.exe
    Filesize

    1.5MB

    MD5

    f181b2a76eb206e87d3d943bb0eb1fa1

    SHA1

    2e72ab3d0f8e3e197ad243344bb8b4ffd4a86814

    SHA256

    94b3fb8054cf965cd1050c12734cc88d152ef8a24fb07788fc46b02e0f76cc09

    SHA512

    643e6c8604a934532aab49e07ff4284f281d796cb28c2577566e6fcbd144fd861cf207efd907186661981db7754ee3d15184ff36a84aa044c0e3dfdb59684370

    Download Submit
  • \Users\Admin\AppData\Local\Temp\msedgewebview2.exe
    Filesize

    1.5MB

    MD5

    f181b2a76eb206e87d3d943bb0eb1fa1

    SHA1

    2e72ab3d0f8e3e197ad243344bb8b4ffd4a86814

    SHA256

    94b3fb8054cf965cd1050c12734cc88d152ef8a24fb07788fc46b02e0f76cc09

    SHA512

    643e6c8604a934532aab49e07ff4284f281d796cb28c2577566e6fcbd144fd861cf207efd907186661981db7754ee3d15184ff36a84aa044c0e3dfdb59684370

    Download Submit
  • \Users\Admin\AppData\Local\Temp\msedgewebview2.exe
    Filesize

    1.5MB

    MD5

    f181b2a76eb206e87d3d943bb0eb1fa1

    SHA1

    2e72ab3d0f8e3e197ad243344bb8b4ffd4a86814

    SHA256

    94b3fb8054cf965cd1050c12734cc88d152ef8a24fb07788fc46b02e0f76cc09

    SHA512

    643e6c8604a934532aab49e07ff4284f281d796cb28c2577566e6fcbd144fd861cf207efd907186661981db7754ee3d15184ff36a84aa044c0e3dfdb59684370

    Download Submit
  • memory/2224-7-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-9-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-10-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-11-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-12-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-13-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-14-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-15-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-17-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-16-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-18-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-21-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-19-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-20-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-22-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-25-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-24-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-23-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-26-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-27-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-29-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-31-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-32-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-30-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-28-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-34-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-33-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-35-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-36-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-37-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-40-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-39-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-38-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-41-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-42-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-45-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-44-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-43-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-46-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-47-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-48-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-49-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-50-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-51-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-52-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-53-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-55-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-54-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-57-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-59-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-58-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-56-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-61-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-60-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-63-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-64-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-62-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-65-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-66-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-67-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-69-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-68-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download
  • memory/2224-70-0x00000000000C0000-0x0000000000116000-memory.dmp
    Filesize

    344KB

    Download