9e4ea8ec8b01400bf65120de422df7a1bf3405eb9c526567302f5df9a0105b7e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 15:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hiao0k.exe
Size

197KB
MD5

33aee0a29e6e755390997b138a7bc3f8
SHA1

3771201083f9fc6aef130b2edccb8c7d1633ed56
SHA256

9e4ea8ec8b01400bf65120de422df7a1bf3405eb9c526567302f5df9a0105b7e
SHA512

3093d4c89497f1ed65785b1adbd2f2bfc467083349731f83363c4cee1f0c3348c0b8f2f8b09ce56ce97b0be460bc8da47f4e0b9e30a4030d9e578078e6464d69
SSDEEP

3072:EstQZLgXcdBJ4OxWm1M/j0vBP6xlL+KJC23IasjoqEuPf0sJjCXrUKbHmbU:/QdEcdoozvt85C23IassqesJeBGw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1936 set thread context of 3004	1936	hiao0k.exe	29

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3004	hiao0k.exe
3004	hiao0k.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1936	hiao0k.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3024	1936	hiao0k.exe	28
PID 1936 wrote to memory of 3024	1936	hiao0k.exe	28
PID 1936 wrote to memory of 3024	1936	hiao0k.exe	28
PID 1936 wrote to memory of 3024	1936	hiao0k.exe	28
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 1936 wrote to memory of 3004	1936	hiao0k.exe	29
PID 3004 wrote to memory of 1208	3004	hiao0k.exe	21
PID 3004 wrote to memory of 1208	3004	hiao0k.exe	21
PID 3004 wrote to memory of 1208	3004	hiao0k.exe	21
PID 3004 wrote to memory of 1208	3004	hiao0k.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1208
- C:\Users\Admin\AppData\Local\Temp\hiao0k.exe
  "C:\Users\Admin\AppData\Local\Temp\hiao0k.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\hiao0k.exe
    C:\Users\Admin\AppData\Local\Temp\hiao0k.exe
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\hiao0k.exe
    C:\Users\Admin\AppData\Local\Temp\hiao0k.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-27-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1936-19-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1936-1-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1936-2-0x0000000074720000-0x0000000074CCB000-memory.dmp

Filesize
5.7MB

Download
memory/1936-3-0x0000000001EA0000-0x0000000001EE0000-memory.dmp

Filesize
256KB

Download
memory/1936-4-0x0000000074720000-0x0000000074CCB000-memory.dmp

Filesize
5.7MB

Download
memory/1936-5-0x0000000001EA0000-0x0000000001EE0000-memory.dmp

Filesize
256KB

Download
memory/1936-6-0x0000000000480000-0x0000000000487000-memory.dmp

Filesize
28KB

Download
memory/1936-8-0x0000000000480000-0x0000000000487000-memory.dmp

Filesize
28KB

Download
memory/1936-21-0x0000000074720000-0x0000000074CCB000-memory.dmp

Filesize
5.7MB

Download
memory/1936-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3004-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-17-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3004-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3004-18-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-20-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-26-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3004-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3004-37-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download