5d1423f10ec6fb19bf73a7b4f1fff7613eea84bbdf793aca0d71969e60216ac6

Analysis

max time kernel
32s
max time network
24s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

huloader.exe
Size

7.5MB
MD5

95c285c0f316edd795e79bc51256807c
SHA1

5f2abd563f083d236f5a8f313549f69728e795d3
SHA256

5d1423f10ec6fb19bf73a7b4f1fff7613eea84bbdf793aca0d71969e60216ac6
SHA512

1d582555fbf845b17eb32e2fca5fe84d2b55a763c2bb0b5a22d71e7917796c2522055a15cc664d8e0bce4acbec88eecc5be292a618345e1e782e65454aa6d86e
SSDEEP

196608:h5iDTVrEkqmtQqDXbEY1hWdNxLy+0MAHNqX+:HilrwbqDLr3+VY

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	huloader.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	huloader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	huloader.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	huloader.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1640	huloader.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2060	1640	huloader.exe	29
PID 1640 wrote to memory of 2060	1640	huloader.exe	29
PID 1640 wrote to memory of 2060	1640	huloader.exe	29
PID 1640 wrote to memory of 2800	1640	huloader.exe	30
PID 1640 wrote to memory of 2800	1640	huloader.exe	30
PID 1640 wrote to memory of 2800	1640	huloader.exe	30
PID 1640 wrote to memory of 2168	1640	huloader.exe	31
PID 1640 wrote to memory of 2168	1640	huloader.exe	31
PID 1640 wrote to memory of 2168	1640	huloader.exe	31

C:\Users\Admin\AppData\Local\Temp\huloader.exe
"C:\Users\Admin\AppData\Local\Temp\huloader.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-1-0x0000000077760000-0x0000000077762000-memory.dmp

Filesize
8KB

Download
memory/1640-0-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-3-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-2-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-4-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-5-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-6-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download
memory/1640-7-0x0000000140000000-0x000000014136E000-memory.dmp

Filesize
19.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads