Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
24-01-2024 04:49
Behavioral task
behavioral1
Sample
Hwid Checker.exe
Resource
win7-20231215-en
General
-
Target
Hwid Checker.exe
-
Size
13.2MB
-
MD5
dc612bf57e8ad69f02e18c6c78ca9eda
-
SHA1
aa2846f2ae32f804a959cb85ddeabff0d0158e38
-
SHA256
5d71b143297178acf37fc0e057dce00600e71246735e40e0156cd22d9751a298
-
SHA512
6c5223aa6d8f71114e346f7cea9f2f1b7fa8e534ba9ba0f37fcffd92c2883f8705c5b43fce8656673c9490d5a44aba659e69b61e31880b47250473a6b93923fe
-
SSDEEP
393216:vEkMD2nwW+eGQRIMTozGxu8C0ibfz6e57G1bmXiWCUI:vUDawW+e5R5oztZ026e5sFVUI
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Hwid Checker.exe
pid | process
2608 | Hwid Checker.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Hwid Checker.exe
description | pid | process | target process
PID 2148 wrote to memory of 2608 | 2148 | Hwid Checker.exe | Hwid Checker.exe
PID 2148 wrote to memory of 2608 | 2148 | Hwid Checker.exe | Hwid Checker.exe
PID 2148 wrote to memory of 2608 | 2148 | Hwid Checker.exe | Hwid Checker.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe
"C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe"
- Suspicious use of WriteProcessMemory
PID:2148
    C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe"
    - Loads dropped DLL
    PID:2608
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
6.7MB
MD5 48ebfefa21b480a9b0dbfc3364e1d066
SHA1 b44a3a9b8c585b30897ddc2e4249dfcfd07b700a
SHA256 0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2
SHA512 4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce