67f904372c8a7f5de3f4bb33778288c944fc79315d10a4b4d96f3b8503c11d8b | Triage

Sharing

General

Target

hwi_772.exe
Size

14.1MB
Sample

240212-y7v51sbf3s
MD5

49b034f0fe1f7782c12ea37e5c13a438
SHA1

fd625810d832ae2d8233d2c1cbbbad96998a69e9
SHA256

67f904372c8a7f5de3f4bb33778288c944fc79315d10a4b4d96f3b8503c11d8b
SHA512

7326e12a9407d8a06909911db6e72e078900cb99fb09a22831706d440ae3e470b3e2020a5a6b302c92bd175c92021ead3a828ea8e60b8b9bfe7f74627c152624
SSDEEP

196608:wrn8HEiLLRq/UEgAP1aqoWmyeJZjH8Ig5Xl1ZgDFSU3dqVYfsJ9Y7c0YkS7umBQp:wrn8tPsdiIA85LgRqWf/40Yl6YfJVep

Score

7^/10

Malware Config

Targets

- Target
  
  hwi_772.exe
- Size
  
  14.1MB
- MD5
  
  49b034f0fe1f7782c12ea37e5c13a438
- SHA1
  
  fd625810d832ae2d8233d2c1cbbbad96998a69e9
- SHA256
  
  67f904372c8a7f5de3f4bb33778288c944fc79315d10a4b4d96f3b8503c11d8b
- SHA512
  
  7326e12a9407d8a06909911db6e72e078900cb99fb09a22831706d440ae3e470b3e2020a5a6b302c92bd175c92021ead3a828ea8e60b8b9bfe7f74627c152624
- SSDEEP
  
  196608:wrn8HEiLLRq/UEgAP1aqoWmyeJZjH8Ig5Xl1ZgDFSU3dqVYfsJ9Y7c0YkS7umBQp:wrn8tPsdiIA85LgRqWf/40Yl6YfJVep
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2