8c3e623134705c79cd342a51b89016f96cea3e2d9f2c36dfe38351d123a42e7b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

HMZLEP.exe

windows7-x64

9

HMZLEP.exe

windows10-2004-x64

9

Sharing

General

Target

HMZLEP.exe
Size

1.3MB
Sample

240211-vna4yshh6z
MD5

90bd60018898cfa0996e4ab4d53e3443
SHA1

5e2389308534903b7a399765268ee75fa1ee258e
SHA256

8c3e623134705c79cd342a51b89016f96cea3e2d9f2c36dfe38351d123a42e7b
SHA512

c76c7d7a5738d3d2fede883e2a67643c007f6dbaf4ada7a27748d46ebf19a5468661d7df447349f4790e719dfd92ad4a1e21341ff693f8164411618f81f60561
SSDEEP

24576:ethEVaPqLqjuTGczYcXga6C7WrmjSD2IrKFhoV7N:mEVUcqjuTGczjSA2DVrKURN

Score

10^/10

ransomware spyware stealer upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

HMZLEP.exe

Resource

win7-20231215-en

ransomware spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

HMZLEP.exe

Resource

win10v2004-20231215-en

ransomware spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  HMZLEP.exe
- Size
  
  1.3MB
- MD5
  
  90bd60018898cfa0996e4ab4d53e3443
- SHA1
  
  5e2389308534903b7a399765268ee75fa1ee258e
- SHA256
  
  8c3e623134705c79cd342a51b89016f96cea3e2d9f2c36dfe38351d123a42e7b
- SHA512
  
  c76c7d7a5738d3d2fede883e2a67643c007f6dbaf4ada7a27748d46ebf19a5468661d7df447349f4790e719dfd92ad4a1e21341ff693f8164411618f81f60561
- SSDEEP
  
  24576:ethEVaPqLqjuTGczYcXga6C7WrmjSD2IrKFhoV7N:mEVUcqjuTGczjSA2DVrKURN
Score

9^/10

ransomware spyware stealer upx
- UPX dump on OEP (original entry point)
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

ransomwarespywarestealerupx

behavioral2

ransomwarespywarestealerupx

© 2018-2025

Terms | Privacy