2dbaf66d935c7db554a2ed7db9e405c5a0462b9106e463c042974e88a18e2882

Analysis

max time kernel
130s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hddregenerator.exe
Size

15.1MB
MD5

42b85064a5d103d082d930e968f2eee8
SHA1

b6d4f99c87cf87e35c2f5bc63ebdbb345a629114
SHA256

621eaecdc7727ba4b115c233b1d5857667925b0f3aec886362c551d597d90fad
SHA512

d167c76a0c5d3a0de2aeb81b6d19818413f1226d7d0949f8777101d3b428a4abc3b43d7751d189b498d05867ab0c3b9098ff36ff4c95b31b0cf5dccb22794e8e
SSDEEP

196608:ETsZNt15FmYyiEDGRLNgS1Szld5HgO95cmpkmVIXGu6CZDAVcqWmXufyahPyah2J:B1f2DGRyVsmpOWu6XFTXQFPF2BgByYY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2104	hddregenerator.tmp

Loads dropped DLL 5 IoCs

pid	Process
2104	hddregenerator.tmp
2104	hddregenerator.tmp
2104	hddregenerator.tmp
2104	hddregenerator.tmp
2104	hddregenerator.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	7	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2104	2236	hddregenerator.exe	22
PID 2236 wrote to memory of 2104	2236	hddregenerator.exe	22
PID 2236 wrote to memory of 2104	2236	hddregenerator.exe	22

C:\Users\Admin\AppData\Local\Temp\hddregenerator.exe
"C:\Users\Admin\AppData\Local\Temp\hddregenerator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\is-Q0FN6.tmp\hddregenerator.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-Q0FN6.tmp\hddregenerator.tmp" /SL5="$401D6,15171470,146432,C:\Users\Admin\AppData\Local\Temp\hddregenerator.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2F3B0.tmp\_isetup\_isdecmp.dll

Filesize
23KB

MD5
77d6d961f71a8c558513bed6fd0ad6f1

SHA1
122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

SHA256
5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

SHA512
b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2F3B0.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2F3B0.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q0FN6.tmp\hddregenerator.tmp

Filesize
1.2MB

MD5
7726fc283928f5aaa783e9077f591b67

SHA1
de74c0a59ce80cab30df874a7502430506897ad3

SHA256
403a935a15f667dc92f58344eba28a66f2fec8d83c30fcf5908ef618c767ce18

SHA512
4dc7321590c0f56c580210513b883d46c922c8283fd4990576d0f44681c30021de99a55ad89f90b8989a8dbc883db13de3948ee231136d233c01a7b623c828a3

Download Submit
memory/2104-6-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/2104-24-0x0000000003800000-0x000000000380F000-memory.dmp

Filesize
60KB

Download
memory/2104-45-0x0000000003800000-0x000000000380F000-memory.dmp

Filesize
60KB

Download
memory/2104-44-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2104-49-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/2236-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2236-2-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2236-43-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download