Analysis
max time kernel: 137s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-11-2023 22:09
Behavioral task: behavioral1
Sample: han.exe
Resource: win7-20231023-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: han.exe
Resource: win10v2004-20231023-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: han.exe
Size: 2.3MB
MD5: d28dc0c7e546e8f0e4ac5b9106d72fda
SHA1: 1d6720b2e4bfe813adfbe2b45e9554e3b4b08542
SHA256: 9d6fa0924b1af1e34d01ecf998135140d96ea73bcf1fe28941f66e1ba3f7d9bf
SHA512: e279c197f83cf0bbcedead49f7efa7d8176187740b6f145f1058c714ab2fb7c250aee01b8f8dd625bcd1d7b5d50dd5c5c9e82409a1d06885d026f014b9c9ba7e
SSDEEP: 49152:nkWk5cS7a+9XYaQ6Zehc4mTYJ78V9gyBn4czPfmP/SA8N:fajJhZ942KQV9hp44PfmP/SA8
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes: han.exe
pid | Process
3428 | han.exe
3428 | han.exe
3428 | han.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: han.exe
description | pid | Process | procid_target
PID 3428 wrote to memory of 4668 | 3428 | han.exe | 93
PID 3428 wrote to memory of 4668 | 3428 | han.exe | 93
PID 3428 wrote to memory of 4668 | 3428 | han.exe | 93