Analysis

  • max time kernel: 118s
  • max time network: 123s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 23/02/2024, 09:55

General

  • Target: h4xtools.exe
  • Size: 23.6MB
  • MD5: 98646782c59bc4c6e6dc2528801cb4ab
  • SHA1: 1dcb009f3a985b315637721f5cfb729a97bd4117
  • SHA256: 706fc6c93230d713b002d42d3b523b30c0a7b77861f15cc3cde12d0d4eb96e0e
  • SHA512: a289c6b4aefaa7b67403033f6f303ea312b8b1f216e22486b7e4edb71d2333b9dcfd2dd4b9f4adabcbb9293b9e9bb90ecbef8edc6e61f64f845f8600674552d2
  • SSDEEP: 393216:kV72c88Hg9nW+eGQRj6QtSX8IneRMPMTozGxu8C0ibfqyOUVXFjbIlRCxiSqDR8x:k5t88yW+e5RrtYXeRPoztZ0iNsRHSqDa

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\h4xtools.exe
    "C:\Users\Admin\AppData\Local\Temp\h4xtools.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Users\Admin\AppData\Local\Temp\h4xtools.exe
      "C:\Users\Admin\AppData\Local\Temp\h4xtools.exe"
      2⤵
      • Loads dropped DLL
      PID:3028

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l1-2-0.dll
          Filesize: 13KB
          MD5: b5233e03bde877536db16308f3664cda
          SHA1: 15ff9d07de90f4a13943b36c30ce2cfaccc67451
          SHA256: fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed
          SHA512: ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l2-1-0.dll
          Filesize: 13KB
          MD5: da0e628d704f10be357148f2131108b1
          SHA1: a9a8c5e002a65d1b43fb990a86c59d290d480464
          SHA256: 5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6
          SHA512: 30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-localization-l1-2-0.dll
          Filesize: 15KB
          MD5: e142049a08327db53b0289cd25bbb70f
          SHA1: 3289a7c010a613b07b235d13ec96af31b683834a
          SHA256: dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87
          SHA512: f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-processthreads-l1-1-1.dll
          Filesize: 13KB
          MD5: 8ce9f911908bc20529ce03b7836397f5
          SHA1: b8554a420c1372474e15d931f2f50e433d3b634e
          SHA256: 257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b
          SHA512: 980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\faker\providers\job\es_MX\__init__.py
          Filesize: 83B
          MD5: eeaa6ca5cb7f4bb1d7e75797f9b5af37
          SHA1: 0ac3743facacbc2090930b41cf38bcfe2951eb37
          SHA256: ce99db30f577944104a7365372ea8363cd9d0087a6e9d88f7b835a1926da336c
          SHA512: b492e6fa3eb607683a6c6f5696835aeae5e4c12fd2d44346bfd954d25c0bcf5bda808c175b0b17e26a0d5daf4f91d8588de119f5b747a80b3cfe53f68bbecd7c

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\python312.dll
          Filesize: 2.3MB
          MD5: d5093bcbb7c2dabcdbc40aaaa3a387d6
          SHA1: 56406dfee51a45bcb0a91b9780a7b0a2801c4ef6
          SHA256: 4e5ebbb9de74c3a373c9123eeeba47e0c7c486280a66fadf6a1391524ed13215
          SHA512: b0c0464c3619ee10db1f44fd475daac88bbaac460f81da6f5f254d9959587b29438f34d72973de8f2bd3dd509d894bc24ce58d3f275c5bcde43540d977c37a4c

        • C:\Users\Admin\AppData\Local\Temp\_MEI20722\ucrtbase.dll
          Filesize: 987KB
          MD5: 6b9880ec69f2988d1035fa11969fa894
          SHA1: add955b1826c79aa43afb268682aad5614d5f1e6
          SHA256: c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448
          SHA512: 747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

        • \Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-timezone-l1-1-0.dll
          Filesize: 13KB
          MD5: 8a7fbe2425592dd419f6cf665613b967
          SHA1: af2170a7e5f27111e32fa27ecfdddaa41edc8156
          SHA256: a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc
          SHA512: 57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

        • \Users\Admin\AppData\Local\Temp\_MEI20722\python312.dll
          Filesize: 1.7MB
          MD5: 78510aecaa220a496b0cb6c2ef750d02
          SHA1: fb5be5214fce702a240ad36b8d4814e39ad5cbb1
          SHA256: 730a3ab043bf2b32ac75228d3c71954f5df8fd0ad8e1c2583a31b11ebc91cd08
          SHA512: cee58bca5687a0ac7b02701a7f492e8dba038adad41ee6a88754f44e5f1838c6962811fa15ff382128752d1c6743d0ae0930c3f1ccadf00f37b4dc74c1f98f6e