47cea82969737c8711c301eb2c19e0fd482fb5f78dcb710a5448de842f842102

Analysis

max time kernel
142s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66bab775c0327b1f99cfb5e50a883fd8.exe
Size

262KB
MD5

66bab775c0327b1f99cfb5e50a883fd8
SHA1

5de2bc9a2ef14bb91d4398b10cf39e2dfe250270
SHA256

47cea82969737c8711c301eb2c19e0fd482fb5f78dcb710a5448de842f842102
SHA512

937e65b1edb800447325f2963867f5d6ea2633b78bc42ec982a448d725735be5f098a8982fb23282562ea8fb24ce7f9e4762dfde293f3364de646ebe3518cd8e
SSDEEP

6144:tTfFDbRnOTrt5Jya339EO0IFA0V1iVKQOFHnMEB8BXrm9:D5OHH9t0ATT5FH3B8BXrm9

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\hahagame\Skins\Office2003.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\Office2007.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\Office2007.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\冬季恋歌.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\简约之美.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\冬季恋歌.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\兰色沉思.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\怀旧木纹.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\灰色轨迹.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\Skins\怀旧木纹.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\Office2003.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\兰色沉思.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File opened for modification	C:\Program Files (x86)\hahagame\Skins\灰色轨迹.asz	66bab775c0327b1f99cfb5e50a883fd8.exe
File created	C:\Program Files (x86)\hahagame\__tmp_rar_sfx_access_check_259419179	66bab775c0327b1f99cfb5e50a883fd8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2156	66bab775c0327b1f99cfb5e50a883fd8.exe

C:\Users\Admin\AppData\Local\Temp\66bab775c0327b1f99cfb5e50a883fd8.exe
"C:\Users\Admin\AppData\Local\Temp\66bab775c0327b1f99cfb5e50a883fd8.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2156-14-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download