1075586beae01f4a3debccf159b0137d58fe323e39af4a9955a4f49415a71365

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

596b4051cedadde5756bb3381122c3b3.exe
Size

711KB
MD5

596b4051cedadde5756bb3381122c3b3
SHA1

3f46202e53a82024c2be70d910ec5ac6e7c8b2c2
SHA256

1075586beae01f4a3debccf159b0137d58fe323e39af4a9955a4f49415a71365
SHA512

94b42766d8fe92cefd6e7eeb51265feaf98efa14fb19f3eb863da179743af34f318d7e874a7f41c667e3cc64ddf32e90ba1d7bdc8fd0669b83cb7b7fd58fe644
SSDEEP

12288:Zjk3aOKAJ4fDKsOHYNaqPuYBFI+LSJoF3Z4mxxEDqVTVOCvPn:Zj+KAJ4fDKsOHYRPRBNpQmXzVTz3n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4792	www.hmhk.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\www.hmhk.cn.exe	596b4051cedadde5756bb3381122c3b3.exe
File created	C:\Windows\UNINSTAL.BAT	596b4051cedadde5756bb3381122c3b3.exe
File created	C:\Windows\www.hmhk.cn.exe	596b4051cedadde5756bb3381122c3b3.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4496	4940	WerFault.exe	15

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	596b4051cedadde5756bb3381122c3b3.exe
Token: SeDebugPrivilege	4792	www.hmhk.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4792	www.hmhk.cn.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 116	4792	www.hmhk.cn.exe	22
PID 4792 wrote to memory of 116	4792	www.hmhk.cn.exe	22
PID 4940 wrote to memory of 3256	4940	596b4051cedadde5756bb3381122c3b3.exe	41
PID 4940 wrote to memory of 3256	4940	596b4051cedadde5756bb3381122c3b3.exe	41
PID 4940 wrote to memory of 3256	4940	596b4051cedadde5756bb3381122c3b3.exe	41

C:\Users\Admin\AppData\Local\Temp\596b4051cedadde5756bb3381122c3b3.exe
"C:\Users\Admin\AppData\Local\Temp\596b4051cedadde5756bb3381122c3b3.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 704
  2⤵
  - Program crash
  PID:4496
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\UNINSTAL.BAT
  2⤵
  PID:3256

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
PID:116

C:\Windows\www.hmhk.cn.exe
C:\Windows\www.hmhk.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4940 -ip 4940
1⤵
PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\UNINSTAL.BAT

Filesize
186B

MD5
21bcae402fac26f1e710949f1055a02c

SHA1
ea348c24de7887a0e6eef7ff4981c9d0d87d5bed

SHA256
4855a177e349cdd37cf81e19530c1522cb0ad7229ee097e41fda1718514656cd

SHA512
a136170dae67cd86a83278b71a1f19d7044bff98967d03728054a137fec5b6744dace4ad3f1dcaf522138b3b74ca3ab4c49fc1992db01c133a6f807833cb1060

Download Submit
C:\Windows\www.hmhk.cn.exe

Filesize
40KB

MD5
a9aa49a6d7aa26b0f864a6fdeb62f755

SHA1
3be7d4b54362a1edd7f9a88b5f7e3d93a8d25958

SHA256
9ac5dc89703d2e9dc1c512c4f450d77de876617f7dd401a9e527e1f779a34eee

SHA512
5f5779248f765e8ecec40c2aae086c0331056db95c1bbe19d5bdc58ba309c7029cee3fa39fa3f8bb1120d5b1f1d25e73e956481823cf9e71e9a17fe5af09d739

Download Submit
C:\Windows\www.hmhk.cn.exe

Filesize
82KB

MD5
dd512cfadcdbcda9e6b2e3d0d98a2b9d

SHA1
13057c3c0206d3e8c095e8ca2c73fbe257b1dc23

SHA256
3d591557c25e666c3cff0742ef1fefb437d5335b92dd8a31c06f50a1e0a1efbf

SHA512
e512387a3239bf0165d429b212e278aa7c7f4bada3884d3d56392a7f766624a18073b1221c0c0092646aef2a8a562b1bcb3b924501bd09646f59b8516e6595a9

Download Submit
memory/4940-0-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4940-10-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4940-16-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-21-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/4940-20-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-19-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-23-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-26-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-34-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-38-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-46-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-50-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-56-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-65-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-64-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-63-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-62-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-61-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-60-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-59-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-58-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-57-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-55-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-54-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-53-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-52-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-51-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-49-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-48-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-47-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-45-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-44-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-43-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-42-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-41-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-40-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-39-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-37-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-36-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-35-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-33-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-32-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-31-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-30-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-29-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-28-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-27-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-25-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-24-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-22-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-18-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-17-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-15-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-12-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-11-0x0000000003500000-0x0000000003600000-memory.dmp

Filesize
1024KB

Download
memory/4940-9-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4940-8-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4940-7-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4940-6-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4940-5-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4940-4-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4940-3-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4940-2-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4940-1-0x0000000002300000-0x0000000002354000-memory.dmp

Filesize
336KB

Download
memory/4940-119-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download