Overview

overview

7

Static

static

1

Hola-Setup...42.exe

windows7-x64

3

Hola-Setup...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hola-Setup-C-Mmv42.exe

  • Size

    2.9MB

  • MD5

    dc29dd92582fe161658ceea65e314239

  • SHA1

    22cbba5817885e3bd99470cfda7a49a7aa005a65

  • SHA256

    e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

  • SHA512

    0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413

  • SSDEEP

    24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hola-Setup-C-Mmv42.exe
    "C:\Users\Admin\AppData\Local\Temp\Hola-Setup-C-Mmv42.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 1404
      2⤵
      • Program crash
      PID:1820
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2728

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1696-0-0x0000000000B00000-0x0000000000DE0000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1696-1-0x0000000074730000-0x0000000074E1E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1696-3-0x0000000005060000-0x0000000005110000-memory.dmp

      Filesize

      704KB

      Download

    • memory/1696-2-0x0000000004D40000-0x0000000004D80000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1696-4-0x0000000074730000-0x0000000074E1E000-memory.dmp

      Filesize

      6.9MB

      Download