Overview

overview

8

Static

static

3

0092a90570...bd.exe

windows7-x64

8

0092a90570...bd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    195s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0092a905707b67411fa7410e1928e3bd.exe

  • Size

    15KB

  • MD5

    0092a905707b67411fa7410e1928e3bd

  • SHA1

    2a6124ccc212c3dff546a0888766a471849d0f74

  • SHA256

    2fd730ed3b66cbb49655ca49e1718a3caa147572ba824dc322390ed2ee626009

  • SHA512

    81f77ad014de344fa1f09e869131f24aa4e1860487f0ad74bf13ba96ea9675a48fa5d6ef721c898906eff9e5dea23fe7c5978098d807cf3796321f968bf747e0

  • SSDEEP

    384:3Hi1PKlhMWPyTWz1H2Il9Ivj9djueO+gCW54p:3i43aKzX7Wd5O+aqp

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0092a905707b67411fa7410e1928e3bd.exe
    "C:\Users\Admin\AppData\Local\Temp\0092a905707b67411fa7410e1928e3bd.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\System.exe
      C:\Windows\system32\System.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\HBSelfDel.dll,MagicDelete C:\Users\Admin\AppData\Local\Temp\0092a905707b67411fa7410e1928e3bd.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HBSelfDel.dll
    Filesize

    3KB

    MD5

    16fddb8ac4d11916c6920260593ddded

    SHA1

    058ef57237f2898e77a3e65b8b3ded1371a831cd

    SHA256

    1500f761104965c6ba4d4e8cdc3524347f6b189fc95178569a37a1fa870a2eae

    SHA512

    41cfb9ff0455477b0025cfad30c99fe030ba49fcf836d959af8893cdd363429feccac3d9322986ae2b45201367b88ccae42dccd4bb36251a70644ea2ea222243

    Download Submit

  • \Windows\SysWOW64\HBSO2.dll
    Filesize

    24KB

    MD5

    a5735936b44f5bb2bcc31b2ea6143e18

    SHA1

    768d127d012961e1b11a96f3f450ca94d8cef86a

    SHA256

    c67a360b1a243b198bae9812349099c814d58d9323d9e2c9f0df9d9392c44b29

    SHA512

    d63538ea1e2971e7ca3a437d48054dea39dd560683d268482b70e6e58f8465c9f2ed9a4e27b894078acf1943c4e7c3bf96acf3a83a65bda8a34b12cf82ef98be

    Download Submit

  • \Windows\SysWOW64\System.exe
    Filesize

    5KB

    MD5

    dd4ab823aedf142ce4adfacbaa152b86

    SHA1

    50d4425016bcfafc212eccf7680b3378145e3825

    SHA256

    32aef6a43eba50e5d86d285741f05dc9fc7620a8edac8ae6f87da59621ddd753

    SHA512

    c509e3cb08804c395b2fc659ede09a44aaf44129e190cd9a38f86353cbd2b2674b73909d2d9dba5d6c562bcc950e8e90a6c4699d95eb925d0c53d519d1ae5b47

    Download Submit