Overview

overview

7

Static

static

3

4cf0d2e214...32.exe

windows7-x64

7

4cf0d2e214...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cf0d2e214604c69210f4f2be335e332.exe

  • Size

    209KB

  • MD5

    4cf0d2e214604c69210f4f2be335e332

  • SHA1

    f6c8a88b344ba67fccfd441c2ed522cea7ddfab1

  • SHA256

    81a66e77fabaf299d58a04e6be3886702600605481fb97e848128dfa960f1433

  • SHA512

    aff33bcefa972a0888f42469deece0d35a92d3011ecd348da9d925822fdbce4338dbca8b02ce2266b209351abd4434f569134b368f3b4849171fb7736e4e05bf

  • SSDEEP

    3072:aX8unoac6cjZvOALi4gtv36qYj5wmWuu8a4BOFpxofTu/4pLthEjQT6n:aX9noa/cgRfYkudBsxyu/kEjR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cf0d2e214604c69210f4f2be335e332.exe
    "C:\Users\Admin\AppData\Local\Temp\4cf0d2e214604c69210f4f2be335e332.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:776
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\system\HZVN.exe.bat" "
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\windows\system\HZVN.exe
        C:\windows\system\HZVN.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\HZVN.exe.bat
    Filesize

    68B

    MD5

    3645c9786e03145927093635c607cfc4

    SHA1

    a479eb86a93868c7d247792b9501d2b72063e0fc

    SHA256

    5e9f10a6bc2d29c371c90b41970ad82810eb3075422caa4d47251764f510c257

    SHA512

    de8bbef20f0f9ec82fb4b0c5af9f9961c3c6e70bb33cf09a6e1e8e9989d7455c05fbcb98e7d2890d8a80e77b33c0b74bb9917555e61b0f58f884d16ef7279902

    Download Submit

  • \Windows\system\HZVN.exe
    Filesize

    209KB

    MD5

    628143ff27bb506ba4b5f8ca27e50225

    SHA1

    59564ec8a33c029ce230d816275effb14f66bcb3

    SHA256

    9d977ff51b000f5aa1718a3a38e5a39e3ecda30f0357006d41f41d78690b5091

    SHA512

    ef9625a51e844502bbf09db55fd107818783dfb39f7d9e765fe9a29230418ef98e87b1d7eb0c202d5c37a15946669f4c2d82f94c8a27fd713e0a8c126c2bb0c9

    Download Submit

  • memory/776-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/776-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2144-18-0x0000000000170000-0x00000000001A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2144-16-0x0000000000170000-0x00000000001A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2152-20-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2152-21-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download