Analysis
- max time kernel: 153s
- max time network: 270s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/01/2024, 02:41
Behavioral task behavioral1
- Sample: hysfors.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: hysfors.exe
- Resource: win10v2004-20231215-en
General
- Target: hysfors.exe
- Size: 7KB
- MD5: 7d6b7776f22725f3243703591047788d
- SHA1: 28832497e392e267ddd8380af02b6c9e651364eb
- SHA256: b53b37a5d6609f40c61ed710042efc401b6e374eb8e43d0d6168cdbd3f6295da
- SHA512: 146ad8f087ee6441c8a4e4f6672f0efbc732eb585b2f4dee2126fd8276517584e88615a2c442652bf06e321b5c64e1f6a2c865e63dca8409470aecf312580c81
- SSDEEP: 24:eFGStrJ9u0/6FanZdkBQAV2oOxfYKZqxeNDMSCvOXpmB:is0MSkBQhxwvSD9C2kB
Malware Config
- Extracted: metasploit, metasploit_stager, 193.161.193.99:44039
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid 2748 chrome.exe (3 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege, pid 2748 chrome.exe (64 identical entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid 2748 chrome.exe (34 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  pid 2748 chrome.exe (32 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs, repeated entries grouped by target)
  PID 2748 chrome.exe wrote to memory of 2720 (procid_target 31)
  PID 2748 chrome.exe wrote to memory of 2140 (procid_target 33)
  PID 2748 chrome.exe wrote to memory of 2900 (procid_target 34)
  PID 2748 chrome.exe wrote to memory of 2832 (procid_target 35)
Processes
- C:\Users\Admin\AppData\Local\Temp\hysfors.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\hysfors.exe"
  PID: 2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2748
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cd9758,0x7fef6cd9768,0x7fef6cd9778
    PID: 2720
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:2
    PID: 2140
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:8
    PID: 2900
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:8
    PID: 2832
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:1
    PID: 2852
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:1
    PID: 2948
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1244 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:2
    PID: 1776
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:1
    PID: 1800
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:8
    PID: 1580
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:8
    PID: 2356
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:8
    PID: 2028
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3496 --field-trial-handle=1180,i,16640461595147072840,10270277236555208094,131072 /prefetch:1
    PID: 1600
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1972