1075586beae01f4a3debccf159b0137d58fe323e39af4a9955a4f49415a71365

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

596b4051cedadde5756bb3381122c3b3.exe
Size

711KB
MD5

596b4051cedadde5756bb3381122c3b3
SHA1

3f46202e53a82024c2be70d910ec5ac6e7c8b2c2
SHA256

1075586beae01f4a3debccf159b0137d58fe323e39af4a9955a4f49415a71365
SHA512

94b42766d8fe92cefd6e7eeb51265feaf98efa14fb19f3eb863da179743af34f318d7e874a7f41c667e3cc64ddf32e90ba1d7bdc8fd0669b83cb7b7fd58fe644
SSDEEP

12288:Zjk3aOKAJ4fDKsOHYNaqPuYBFI+LSJoF3Z4mxxEDqVTVOCvPn:Zj+KAJ4fDKsOHYRPRBNpQmXzVTz3n

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1512	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2512	www.hmhk.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\UNINSTAL.BAT	596b4051cedadde5756bb3381122c3b3.exe
File created	C:\Windows\www.hmhk.cn.exe	596b4051cedadde5756bb3381122c3b3.exe
File opened for modification	C:\Windows\www.hmhk.cn.exe	596b4051cedadde5756bb3381122c3b3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2200	596b4051cedadde5756bb3381122c3b3.exe
Token: SeDebugPrivilege	2512	www.hmhk.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	www.hmhk.cn.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2504	2512	www.hmhk.cn.exe	28
PID 2512 wrote to memory of 2504	2512	www.hmhk.cn.exe	28
PID 2512 wrote to memory of 2504	2512	www.hmhk.cn.exe	28
PID 2512 wrote to memory of 2504	2512	www.hmhk.cn.exe	28
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31
PID 2200 wrote to memory of 1512	2200	596b4051cedadde5756bb3381122c3b3.exe	31

C:\Users\Admin\AppData\Local\Temp\596b4051cedadde5756bb3381122c3b3.exe
"C:\Users\Admin\AppData\Local\Temp\596b4051cedadde5756bb3381122c3b3.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\UNINSTAL.BAT
  2⤵
  - Deletes itself
  PID:1512

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
PID:2504

C:\Windows\www.hmhk.cn.exe
C:\Windows\www.hmhk.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\UNINSTAL.BAT

Filesize
186B

MD5
21bcae402fac26f1e710949f1055a02c

SHA1
ea348c24de7887a0e6eef7ff4981c9d0d87d5bed

SHA256
4855a177e349cdd37cf81e19530c1522cb0ad7229ee097e41fda1718514656cd

SHA512
a136170dae67cd86a83278b71a1f19d7044bff98967d03728054a137fec5b6744dace4ad3f1dcaf522138b3b74ca3ab4c49fc1992db01c133a6f807833cb1060

Download Submit
C:\Windows\www.hmhk.cn.exe

Filesize
20KB

MD5
5b0008e4be5105f5818c19eb4ea82166

SHA1
9bfcc3470ed3462d86fdaf19e23b1d50367711ce

SHA256
13364bf711298a7b0fd84cbcfdfb4ad928271aa4b2d543c1b3485178ae59eaaa

SHA512
3c40014c087cc0108942fdc764d4c48da43daf8db8b7f07530e41675d1ce07034496a9328825361945f5608d65076367d56517c37f2cc6822eb306df924f40a3

Download Submit
C:\Windows\www.hmhk.cn.exe

Filesize
121KB

MD5
f70c60ba583b78ecd040e039a45cc484

SHA1
c2a90c0adbb89d6dcc89fb5a20283e106e4196cc

SHA256
6a5edc4c95159aa1411bfa14a861ee502c97b2d26baa02ec579b4d37f08f3279

SHA512
323bb9333762618384810023bd4e324219a1be61a9bca7ff20e0a655bd057ebafcdfaded56aaa612f96a864c3e3ebb25b2b0a87ab47b011ed2a9796a8c7df6ce

Download Submit
memory/2200-0-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2200-1-0x0000000000610000-0x0000000000664000-memory.dmp

Filesize
336KB

Download
memory/2200-13-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-19-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-29-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-38-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-46-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-55-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-65-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-64-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-63-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-62-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-61-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-60-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-59-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-58-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-57-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-56-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-54-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-53-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-52-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-51-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-50-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-49-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-48-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-47-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-45-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-44-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-43-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-42-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-41-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-40-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-39-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-37-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-36-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-35-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-34-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-33-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-32-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-31-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-30-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-28-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-27-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-26-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-25-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-24-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-23-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-22-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-21-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-20-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-18-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-17-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-16-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-15-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2200-14-0x0000000003380000-0x00000000033C0000-memory.dmp

Filesize
256KB

Download
memory/2200-10-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2200-9-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2200-8-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2200-7-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/2200-6-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2200-5-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2200-4-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2200-3-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2200-2-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2200-171-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2512-174-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2512-191-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download