8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f

Analysis

max time kernel
93s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe
Size

2.4MB
MD5

88aea50f5603d50db0649acedb802494
SHA1

ff9cf8dcf4292f840cd17e4cd83e4c028f3aeb61
SHA256

8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f
SHA512

4d6fb4b936a2e2b4ad6e9fba6387c45cb67deaceeb8400480ec61f06bbb7ff4fbff7d425015c02a0370dc3b4586bcdcc45ae5ac1a5e27daeb073ae8080bcad95
SSDEEP

49152:gHeawhTk/BQ5l72ZfefZ71gpgE0khFu7DRzYu:Aea/pQXe2fZ7GV0SFIb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe
5060	8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe

C:\Users\Admin\AppData\Local\Temp\8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe
"C:\Users\Admin\AppData\Local\Temp\8144743b0a64295bfc985e1074aef85835516ff69ed31ba84c064b99da2ed91f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
801KB

MD5
8a080e380233d40e978f94062f99a620

SHA1
9a84a3b10a755e1ea77d42aeb7d44bd958d9d2b3

SHA256
d5fd87c08befce28aee9f6e4eae71be74059ff77bcf5d54df3cf9ba2a40c1af9

SHA512
3a00333648f342d663a0fe643616811e2321fd6df982274758bbd65bf8649fc173420ee675ae6a7eeffd856277fd2b4ff7bdd49d59ad45c125e3230a7d62d6e5

Download Submit
memory/5060-9-0x00000000758C0000-0x0000000075A60000-memory.dmp

Filesize
1.6MB

Download
memory/5060-17-0x0000000073D00000-0x0000000073FEC000-memory.dmp

Filesize
2.9MB

Download
memory/5060-3-0x0000000000400000-0x0000000000AC3000-memory.dmp

Filesize
6.8MB

Download
memory/5060-4-0x0000000010000000-0x0000000010116000-memory.dmp

Filesize
1.1MB

Download
memory/5060-8-0x0000000002D30000-0x0000000002D89000-memory.dmp

Filesize
356KB

Download
memory/5060-0-0x0000000000400000-0x0000000000AC3000-memory.dmp

Filesize
6.8MB

Download
memory/5060-1-0x0000000001080000-0x0000000001081000-memory.dmp

Filesize
4KB

Download
memory/5060-2-0x0000000000400000-0x0000000000AC3000-memory.dmp

Filesize
6.8MB

Download
memory/5060-18-0x0000000073D00000-0x0000000073FEC000-memory.dmp

Filesize
2.9MB

Download
memory/5060-19-0x0000000073D00000-0x0000000073FEC000-memory.dmp

Filesize
2.9MB

Download
memory/5060-20-0x0000000000400000-0x0000000000AC3000-memory.dmp

Filesize
6.8MB

Download
memory/5060-21-0x00000000758C0000-0x0000000075A60000-memory.dmp

Filesize
1.6MB

Download
memory/5060-22-0x0000000002D30000-0x0000000002D89000-memory.dmp

Filesize
356KB

Download
memory/5060-23-0x0000000073D00000-0x0000000073FEC000-memory.dmp

Filesize
2.9MB

Download