abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-04-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe
Size

6.8MB
MD5

3a995b0043d4a1f64af673c27efb90f7
SHA1

0122af44914d878a155113e538343e27ef87ebf8
SHA256

abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf
SHA512

62ce8e1c22adb1c541949c7a77e290fb058aeebcfda1bfdec0b62cefc06f9be085b33f9be9555b821dd1604b2cb03322f46d1f0506f53ca7f90fe741c5f156d1
SSDEEP

196608:dVWukQy6DrklU/dEGLQELX76fIQ5LApkpjuMaE4O:dKQhkI/syMIQ5spk1uMt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	hsplMod_100101004.exe

Loads dropped DLL 4 IoCs

pid	Process
2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe
2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe
2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe
2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 3060	2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe	28
PID 2548 wrote to memory of 3060	2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe	28
PID 2548 wrote to memory of 3060	2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe	28
PID 2548 wrote to memory of 3060	2548	abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe	28

C:\Users\Admin\AppData\Local\Temp\abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe
"C:\Users\Admin\AppData\Local\Temp\abe16aa5440f4ffbd046af2a6c9f8bd600ad628fe6649774a4d8da9e7a7fbeaf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\hsplMod_100101004.exe
  "C:\Users\Admin\AppData\Local\Temp\hsplMod_100101004.exe"
  2⤵
  - Executes dropped EXE
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hsplMod_100101004.exe

Filesize
7.5MB

MD5
79cf0ef1bb6ddb03cddbe453efe08402

SHA1
710f67a4669825e47b54122c9c53aecd0515aa36

SHA256
6612d66656b527f64edd03d5cd4cb60d137bfc0e746443d8925b5445013ea3cc

SHA512
6b2fcd9c5dc9424b27257a16722c61cb83fab6d609e12f7c913a6363341ff5ceaf30bd041d0e9ec60089cfe6e7b1d3d81b1d92a535bb78d6d348946caa1d84d9

Download Submit
memory/2548-6-0x00000000037D0000-0x000000000390D000-memory.dmp

Filesize
1.2MB

Download
memory/2548-15-0x00000000037D0000-0x000000000390D000-memory.dmp

Filesize
1.2MB

Download
memory/3060-19-0x00000000775E0000-0x00000000775E1000-memory.dmp

Filesize
4KB

Download
memory/3060-27-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/3060-28-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/3060-26-0x0000000011000000-0x000000001108D000-memory.dmp

Filesize
564KB

Download
memory/3060-21-0x0000000011000000-0x000000001108D000-memory.dmp

Filesize
564KB

Download
memory/3060-31-0x0000000000E80000-0x0000000001157000-memory.dmp

Filesize
2.8MB

Download
memory/3060-35-0x0000000000E80000-0x0000000001157000-memory.dmp

Filesize
2.8MB

Download
memory/3060-37-0x0000000000E80000-0x0000000001157000-memory.dmp

Filesize
2.8MB

Download
memory/3060-49-0x00000000002B0000-0x000000000031C000-memory.dmp

Filesize
432KB

Download
memory/3060-48-0x00000000002B0000-0x000000000031C000-memory.dmp

Filesize
432KB

Download
memory/3060-47-0x00000000002B0000-0x000000000031C000-memory.dmp

Filesize
432KB

Download
memory/3060-44-0x0000000000280000-0x00000000002AF000-memory.dmp

Filesize
188KB

Download
memory/3060-40-0x0000000000280000-0x00000000002AF000-memory.dmp

Filesize
188KB

Download
memory/3060-50-0x0000000001360000-0x000000000149D000-memory.dmp

Filesize
1.2MB

Download
memory/3060-56-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/3060-60-0x00000000002B0000-0x000000000031C000-memory.dmp

Filesize
432KB

Download
memory/3060-59-0x0000000000280000-0x00000000002AF000-memory.dmp

Filesize
188KB

Download
memory/3060-58-0x0000000000E80000-0x0000000001157000-memory.dmp

Filesize
2.8MB

Download
memory/3060-57-0x0000000011000000-0x000000001108D000-memory.dmp

Filesize
564KB

Download