22b29e6b3dda593afe0136c28a2a5895a00276d0d7691c3b4b1135a75dc9b0bf

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe
Size

55.2MB
MD5

b628fdcf5db6ddbcbbdd049242061b24
SHA1

df05f509b9db72c6cab4533a78116066c83310dd
SHA256

22b29e6b3dda593afe0136c28a2a5895a00276d0d7691c3b4b1135a75dc9b0bf
SHA512

4373f2670c2589ff6a22df4a2394b75057bc1dcce9439367cc0f500bfd553862f41f8214afb12fdb52085147ace6a94a9beeb4a640ceaf140a4d383a4d5e12ef
SSDEEP

1572864:FnWUEKCFW/ekjY2yOL8XeGQIpKNvy/bqwHvyh:FnWIKVwF7WyEq8vG

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	HP-DQEX5.exe
File opened (read-only)	\??\N:	HP-DQEX5.exe
File opened (read-only)	\??\O:	HP-DQEX5.exe
File opened (read-only)	\??\U:	HP-DQEX5.exe
File opened (read-only)	\??\H:	HP-DQEX5.exe
File opened (read-only)	\??\J:	HP-DQEX5.exe
File opened (read-only)	\??\P:	HP-DQEX5.exe
File opened (read-only)	\??\S:	HP-DQEX5.exe
File opened (read-only)	\??\T:	HP-DQEX5.exe
File opened (read-only)	\??\B:	HP-DQEX5.exe
File opened (read-only)	\??\E:	HP-DQEX5.exe
File opened (read-only)	\??\K:	HP-DQEX5.exe
File opened (read-only)	\??\L:	HP-DQEX5.exe
File opened (read-only)	\??\M:	HP-DQEX5.exe
File opened (read-only)	\??\Q:	HP-DQEX5.exe
File opened (read-only)	\??\W:	HP-DQEX5.exe
File opened (read-only)	\??\Y:	HP-DQEX5.exe
File opened (read-only)	\??\G:	HP-DQEX5.exe
File opened (read-only)	\??\I:	HP-DQEX5.exe
File opened (read-only)	\??\R:	HP-DQEX5.exe
File opened (read-only)	\??\V:	HP-DQEX5.exe
File opened (read-only)	\??\X:	HP-DQEX5.exe
File opened (read-only)	\??\Z:	HP-DQEX5.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Setup.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Autorun.inf	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Autorun.inf	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe

Executes dropped EXE 2 IoCs

pid	Process
1648	Setup.exe
3056	HP-DQEX5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HP-DQEX5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	HP-DQEX5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1652	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe
1652	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3056	HP-DQEX5.exe
3056	HP-DQEX5.exe
3056	HP-DQEX5.exe
3056	HP-DQEX5.exe
3056	HP-DQEX5.exe
3056	HP-DQEX5.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1648	1652	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe	93
PID 1652 wrote to memory of 1648	1652	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe	93
PID 1652 wrote to memory of 1648	1652	Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe	93
PID 1648 wrote to memory of 3056	1648	Setup.exe	97
PID 1648 wrote to memory of 3056	1648	Setup.exe	97
PID 1648 wrote to memory of 3056	1648	Setup.exe	97

C:\Users\Admin\AppData\Local\Temp\Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe
"C:\Users\Admin\AppData\Local\Temp\Full_Webpack-1328_1-DJ3050_J610_Full_Webpack.exe"
1⤵
- Checks computer location settings
- Drops autorun.inf file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Setup.exe" /webpack
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\7zS4D5D\HP-DQEX5.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4D5D\HP-DQEX5.exe" /user "QMWIRSIY\Admin" /webpack
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Enumerates system info in registry
    - Suspicious use of SetWindowsHookEx
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HP\AtInstall\001\hp-dqex5.log

Filesize
2KB

MD5
6f036806a0ed053161aa7e20f5d0a60d

SHA1
e0f37b4802293c453cdbddedc9561102e521a83e

SHA256
4aa9f5d632d529111fb37317e72a883bf473d5bb2f1a8214020cf55a16074a94

SHA512
1be7ab8bc94302f1d26e56a2a553ee8e7152d27f1bad04606bba95678707a2851b0ba98ee9628eea5ad6b443170f497d893bfc4df7a9fda601a859e0432a9333

Download Submit
C:\Users\Admin\AppData\Local\HP\AtInstall\001\hp-dqex5.log

Filesize
4KB

MD5
b00abcef8562818c6a773f029fcad9b5

SHA1
ccb173e10905ea74fe574734cc8c5e9535740971

SHA256
cb1714f2473ba4645508ebb67d7ad278b93df8240069d79c2c172097f1a629e1

SHA512
751aefde469ab08fb57ba47db27a66f81b668261f5819ca83bb8877d428d4821e8b8366f2d51acfd5dab1dc01020749eaddea2affa219a45a4238fadb60c5bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\D3050x64.msi

Filesize
3.1MB

MD5
fed3eb72968917010ec9022c8307c0ba

SHA1
9fc973a571332fca26d0980cdf6ff72172829485

SHA256
9811d186ab345a6bec27595068136ad0f92f2295fe95e9945d6d1d5ac3caa723

SHA512
e69f505c68503463d35fc80ea1615a4eadf7ccf6d8019f787168925926e8cc4babde01982448ce09f734c0e5216fdaeb1b72bcc69ecfbc074b7fa5d027768635

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\D3050x64_1034.mst

Filesize
56KB

MD5
8174a9f493ef793eecfb715a122ef3bd

SHA1
06684474af27d78605650691e7a4165dec00021a

SHA256
d872f30c8274b2b0374beeb36b26cf131f9a7578639e2b0a130724af8aa6d075

SHA512
4db40e23724dcd54abdf16376e4831bf8e2d3f0857ac1ec416b6f28b0add1514afc77c1199920661d33f22889e1f1e82a561bd6c8b6bf4f0b5281fa8c46b685d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\D3050x64_1036.mst

Filesize
60KB

MD5
87bf07b2e7fde467c1de91c17e06f1d0

SHA1
76340959aec84c32b03cdcac0a308126d6b6ab41

SHA256
84259622b89dc8d02c1ab385d2a56d52127636e85cec0a2e8b55c32dcadf6a1d

SHA512
a3935c3baeb0858f068fc2e16a6461b86ddd03fe432a56d58feb2fb11ff4f8c06d73fd0137f817eb22fe60e664b250b19c31b7cceff9b0f92b6aeefe10b159eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\D3050x64_1044.mst

Filesize
52KB

MD5
13007ee3c271329171e6298a6d0e82ea

SHA1
7afbd1921f1a7f60dbf0a58d7f2d271a84cc4e0f

SHA256
f28ed98df24abb97daba3ab435f732ce1c7ba5661f5729130c335d47db74fa20

SHA512
a6197c16f6c3805423cd3af93a4bb7476b4bad72c60fce6fea31423b556b0c03ae49ef83e1c7ecda81b9edf8e594a02c062e6169460e06f367da007e6e6a5dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\D3050x86_1028.mst

Filesize
44KB

MD5
063e28dae641eb9e626343f45a41036f

SHA1
0895719f264e043a8f1af9d3a22761fe545f9d6a

SHA256
059f4c842ce1a0bb8dbd32dc9e3d6a942b216d3ef3f1bf7761fb6642be175e12

SHA512
b5aeff6248cfeb502099866f6a13b1bdf9dab686a9fe6c155361f8d8cc6a4a3ad0c11b1648fb4320ff20e7fc8d67c1b9eda7c0111e23bc57776457b33240c84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\HP-DQEX5.exe

Filesize
6.8MB

MD5
52e6dfc9fa6fab596919e63f9e87866e

SHA1
41282cda42a883e25d4403cb1609a9a0b5e311ac

SHA256
42ba4b09465eb1a29eaf0d97e64f7013cdbab0f08daf3b6c8871a351f424213e

SHA512
0143215d63082738884851f6907e2a5883e3a76f720a919000ba8ff01e43e288a3fd5366cee665cdba4a834a8811bccc9dee982b75baf773c04c6feb9a2f5212

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\D305Ux64.msi

Filesize
240KB

MD5
f61993e885f6305eff32e744ad31a3e6

SHA1
fab125e65282bc78583b527f1dbde19725f41b84

SHA256
a0ef8edefb2b9330e2da0b0aeb689332096dfec6ba6a707d62c0aa75000d9d80

SHA512
b2131edf62affe6b4f42e365f35cf8452428a04a836699e3b7cd2d0b4316ea45d4e588c112434fbed64b7cdcc55c2d266b6f275f246ff815abbdd0ba200fc18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\D305Ux64_1029.mst

Filesize
44KB

MD5
29325ccfd1a9cf763389bea506849100

SHA1
b259bb884bec3339cb5e766290cc81d24f9593b3

SHA256
f208b6dae6c52b7a1d2e724d12bb42fb3c51b2d70f3be45076ec26ec271e2ed0

SHA512
78d419a3e7ecb821fff5e96685408a8dd2601c8c638e2b7706d4937c71ac7cddc102046fd8a39c2e2f050c0b800cabe1b863c52f1adf9a8db0e465f160a505fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\D305Ux64_2052.mst

Filesize
36KB

MD5
d060d89251739348481aca4b06bd1ff6

SHA1
c807149503e246836db8558c4276e27fa644f1a5

SHA256
f51305dc58c38443e8cc7f9a0855ea30ee42900161b94bf72ecd8ffd4cc91ece

SHA512
a97ba9990e13e0fe33c4399be063f027ee877fd0342ae17ec3e35e520a1c96b15a04542fcd4b3d38e138049a6590c484bf221b040f9432f5c949534ef39579ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\HP Update.msi

Filesize
941KB

MD5
6f8cd74875bf58f3bd89e41155b2ee23

SHA1
0d0edb1aedc01475ca191d1c4a4b6e8d036f50c0

SHA256
ff9071e42d781fc0fa20e18ba8e77f4bc103c98be6b520bd779856f10d0def37

SHA512
5b2cf61fb539d17bebfdfbff35967e636c7ce7ef21ef318008bfa04886ad05501eda00b1a8311b02fa7481b964c3a653bbc1e76042e9b52816e0124b1087bdbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\HP Update_1033.mst

Filesize
3KB

MD5
d03fdbb2f4508bdc7048c2239f807037

SHA1
b1b71b72c4ba3bec7025de40712ace5c073d0204

SHA256
b5b746794214225447620e65b977607ea3fbb773b4ac949c9af24ec58f394554

SHA512
6131684d1f7f811f7a128c37c5668a2a4b02dfa70ad3686633eadb0f580cdbed77abdaa770810fb0de3876507e3ef125e144faab389b76b3ca8a6c68ddb6861d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Optional\lp-3050MSI.msi

Filesize
143KB

MD5
1cd8af6d41b848185b71a1cfd60cace1

SHA1
88191cf89ec960d4b5c3ce4207df321f7957231b

SHA256
0380ba0a3e160ec845f5cea3d09da499744fca56d9514f835e90fdba9d728722

SHA512
2fa04e11f23a900b7331bce31d21a8f4490b3e41b18c7378b67e798f237c68e51e1ae14ebbe93f211cc10c94c29f03b01f4669b3f92950ce19ce3645ffa2c518

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D5D\Setup.exe

Filesize
1.6MB

MD5
e157b8c3c6c5c2f38ec645604067d387

SHA1
66c8a82414a33bcf7be8891dd900ca2d293f18cc

SHA256
e96cd0bc558f72aeb54d3d6cc1b58de5abd338cef2ed1796a3735d2f5f81e2a6

SHA512
4c71a0e0ecc6da0eca1e3623cb3ccf35ef6c77a8c18bfb9c13a9b2fe0b03aaec479a618362016896f8a14a01d6ed9c05a6cf2cd1e052f8735fe9e4825f16a790

Download Submit
C:\Users\Admin\AppData\Local\Temp\HPTempIcon.ico

Filesize
24KB

MD5
f7c9990ac58539036c44f6a4f2f2ad13

SHA1
a7378579a91ef1d19e929b5a96cacff7afe1914c

SHA256
a7d1f0dc9bb366c77c12e0d8bfb556d26868ac869c70b9a4c41f3b6a1b63da0b

SHA512
d929424b0fa9469794d9078f1cfa47cae42501cce9e3a495e7584840f69c2791ef02f641a24c07e0205493b62afedb4cf9694f62b6cf466bea317d902ee0ddeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\HPTempIcon.ico

Filesize
5KB

MD5
8776c98eb1a0e805a8f3e0e6af94a100

SHA1
9ef31ceb909259c7159d5beb826f5ac956db098a

SHA256
67bf8d6b18201ebded1d348190a747a44238a2e8e6a2ed4c2bf8e36277ad88e8

SHA512
f0a05b7413f6578bb4253e451074af99441bf8485ac40d7c067510c424eb0dc2915f0b44fcd0a6439c320a1a7499bb6ee5be66ba2cee3b0f07c748ca46f09942

Download Submit