Overview

overview

7

Static

static

1

360hb4.0.240.0.exe

windows7-x64

7

360hb4.0.240.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    85s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2023, 02:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    360hb4.0.240.0.exe

  • Size

    7.7MB

  • MD5

    30d0b9236b7af9fa9b54359b4af6d474

  • SHA1

    f4c2acf1a116c32bf30ba23a7a552f5970b4fc43

  • SHA256

    68499d701ad0a999a958b5171e6d6523eeae021bbcec24fa64280b92883a0b4d

  • SHA512

    b96d7e3458b7165e966649656429623eb0ae1099f7b3763512c0d49d0206db7bdece0ad8802ebbe471c8a2e8b16297227abb2acb1e9dc5d3d318cbf4b2e04205

  • SSDEEP

    196608:qV5+o45a43dLbc3I6fej7hJR36NpVk2w/X4lYVLeF:u145/67feX96NLw/X48LeF

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\360hb4.0.240.0.exe
    "C:\Users\Admin\AppData\Local\Temp\360hb4.0.240.0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Users\Admin\AppData\Local\Temp\360hb_tmp\4.0.240.0\360huabaosetup.exe
      "C:\Users\Admin\AppData\Local\Temp\360hb_tmp\4.0.240.0\360huabaosetup.exe" --user /exename:360hb4.0.240.0.exe
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      PID:4812

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\360hb_tmp\4.0.240.0\360huabaosetup.exe
          Filesize

          1.5MB

          MD5

          96fb0c9291c3dc0e3c05afcbd8b58be2

          SHA1

          0644af0d890cb09fd53a130b77c94c2f4c8cf44c

          SHA256

          1a5aecf03250e83ac654cbc06a69be78d50efd20a57eca5143910d63196466b7

          SHA512

          7777635242f15fc23f1dfbff33a0fe3dd85794d83b6dae2c5ee8a3b18ecf6fcf49f08da0888c1480ca3180507c3c1bf8e9c65ca2d1362a59d4a9ab8a0308f77c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\360hb_tmp\4.0.240.0\360huabaosetup.exe
          Filesize

          1.5MB

          MD5

          96fb0c9291c3dc0e3c05afcbd8b58be2

          SHA1

          0644af0d890cb09fd53a130b77c94c2f4c8cf44c

          SHA256

          1a5aecf03250e83ac654cbc06a69be78d50efd20a57eca5143910d63196466b7

          SHA512

          7777635242f15fc23f1dfbff33a0fe3dd85794d83b6dae2c5ee8a3b18ecf6fcf49f08da0888c1480ca3180507c3c1bf8e9c65ca2d1362a59d4a9ab8a0308f77c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\360hb_tmp\4.0.240.0\360huabaosetup.exe
          Filesize

          1.5MB

          MD5

          96fb0c9291c3dc0e3c05afcbd8b58be2

          SHA1

          0644af0d890cb09fd53a130b77c94c2f4c8cf44c

          SHA256

          1a5aecf03250e83ac654cbc06a69be78d50efd20a57eca5143910d63196466b7

          SHA512

          7777635242f15fc23f1dfbff33a0fe3dd85794d83b6dae2c5ee8a3b18ecf6fcf49f08da0888c1480ca3180507c3c1bf8e9c65ca2d1362a59d4a9ab8a0308f77c

          Download Submit