Overview

overview

10

Static

static

7

2023.10.12.exe

windows7-x64

1

2023.10.12.exe

windows10-2004-x64

1

HipsMain.exe

windows7-x64

7

HipsMain.exe

windows10-2004-x64

7

HipsMain1.exe

windows7-x64

7

HipsMain1.exe

windows10-2004-x64

7

[local]loader.exe

windows7-x64

7

[local]loader.exe

windows10-2004-x64

7

[sus]aaa.exe

windows7-x64

10

[sus]aaa.exe

windows10-2004-x64

10

logsave.exe

windows7-x64

7

logsave.exe

windows10-2004-x64

7

福建省�...��.exe

windows7-x64

7

福建省�...��.exe

windows10-2004-x64

7

说明书.exe

windows7-x64

1

说明书.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    27-10-2023 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HipsMain.exe

  • Size

    9.0MB

  • MD5

    4eca89b96ba84a68348f85b3a9dc03b7

  • SHA1

    a1fd3e9093d8153b15fc1102f35c745b375ce9dc

  • SHA256

    8df72d49778de3cc2ba9c31299f7f4a0a0a144ea4826a51b1de75d037ba2a7f7

  • SHA512

    6170c930d76c9aca6ee9a6b4816b829677c7b303a20afc62e38fe675c7acd1e1fb8dca756c4ed44106fa1f37a99e05ebd271f78b7edddf238a3a15effd78ec32

  • SSDEEP

    196608:ohPrc50mr2puHUHNTqICteEroXx8axG6NIyzlu8pgUN0Mi8mENps:OcKmr2pu0tTqInEroXOakuIyzlu8pja4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HipsMain.exe
    "C:\Users\Admin\AppData\Local\Temp\HipsMain.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\HipsMain.exe
      "C:\Users\Admin\AppData\Local\Temp\HipsMain.exe"
      2⤵
      • Loads dropped DLL
      PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI28722\python39.dll
    Filesize

    4.3MB

    MD5

    0c74e7172e79148d2c995951cb828fa1

    SHA1

    6e46616de50a7871668b2e6a22895b9c594d232a

    SHA256

    3937d1865f5a6f9ba892705bbe75352defc7b083b61894a4bdb6adefe0c2b39d

    SHA512

    bbca4b2c6338f0d4274c5db371cae075834677844e457280d8d9f2c5ba74b3a9a159aeb978cf3fa4983d2efda62cbc2c9570d56e4a9682324f7fc7c2788ede86

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI28722\python39.dll
    Filesize

    4.3MB

    MD5

    0c74e7172e79148d2c995951cb828fa1

    SHA1

    6e46616de50a7871668b2e6a22895b9c594d232a

    SHA256

    3937d1865f5a6f9ba892705bbe75352defc7b083b61894a4bdb6adefe0c2b39d

    SHA512

    bbca4b2c6338f0d4274c5db371cae075834677844e457280d8d9f2c5ba74b3a9a159aeb978cf3fa4983d2efda62cbc2c9570d56e4a9682324f7fc7c2788ede86

    Download Submit