Analysis

max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 21/05/2024, 17:11
Behavioral tasks

- behavioral1: Good_Hits_Parser.exe on win7-20240221-en (the run shown on this page)
- behavioral2: Good_Hits_Parser.exe on win10v2004-20240508-en
- behavioral3: clipper.pyc on win7-20231129-en
- behavioral4: clipper.pyc on win10v2004-20240508-en
General

Target: Good_Hits_Parser.exe
Size: 37.3MB
MD5: 9fb44d65c246d1ab437097a93a3f60d4
SHA1: 60b85de037daa52d84a78f9b0efb9333cab97a88
SHA256: 8e27c0148a54e406f3078db8fb26e427f466b1dd3443000fc8f81b756a1550c0
SHA512: b3276bfdcb852a0b268c0d53ea467561da3e9dcb4768510f28e57ee3dbbb1156e29dfc2b601d33d8f4f070c8ca4299fcde70ca9986addf37d7c710a786197c70
SSDEEP: 786432:3NmctRUVyf+gX4BMdhwzTQXRGFbPp8+OTKhFcSS5U/LT2Ko2mrWcGaW:3H0yhXGMK4XRsbq+kSCU/+D2pcGP
Malware Config

(empty in this report)

Signatures

- Drops startup file (2 IoCs)
  description | ioc | process
  File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Good_Hits_Parser.exe | cmd.exe
  File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Good_Hits_Parser.exe | cmd.exe
  Copying the executable into the per-user Startup folder makes it run at every logon of that user; no registry change is needed.

- Loads dropped DLL (13 IoCs)
  pid | process
  2424 | Good_Hits_Parser.exe (all 13 DLL loads are by this one PID)

- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  pid | process
  2424 | Good_Hits_Parser.exe
  NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from delivering debug events; it is a common anti-debugging measure.

- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | process | procid_target | count
  PID 2676 wrote to memory of 2424 | 2676 | Good_Hits_Parser.exe | 28 | 3
  PID 2424 wrote to memory of 2104 | 2424 | Good_Hits_Parser.exe | 29 | 3
  Both targets are the writer's own freshly created child (2676 spawned 2424, 2424 spawned 2104); a parent writing into a new child's address space is part of ordinary process creation, so these entries alone are not evidence of injection.
Processes

1. C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe (PID 2676)
   command line: "C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe (PID 2424, child of 2676)
      command line: "C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe"
      - Loads dropped DLL
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\cmd.exe (PID 2104, child of 2424)
         command line: C:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
         - Drops startup file
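The process chain in the report (the sample in %TEMP% launching a second copy of itself, which then runs cmd.exe to copy the binary into the per-user Startup folder) can be expressed directly as a detection over process-creation telemetry. The Python below is an added example and is not part of the sandbox report or of the sample. It models events on Sysmon Event ID 1 fields (Image, CommandLine, ProcessId, ParentProcessId); the sample events are constructed from the process tree above plus one benign event, and the regexes, the ProcEvent class and the rule names are this example's own.

```python
"""Detect the Temp self-respawn -> cmd.exe Startup-folder copy chain from
process-creation events. Added example, not part of the sandbox report.
Events are modelled on Sysmon Event ID 1; the sample data is constructed."""
import re
from dataclasses import dataclass

# Per-user Startup folder, as written to by the sample (path as seen in the report).
STARTUP_RE = re.compile(
    r'\\Microsoft\\Windows\\Start Menu\\Programs\\Startup(\\|"|$)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
COPY_RE = re.compile(r"\b(copy|xcopy|move)\b", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable (Sysmon: Image)
    cmdline: str    # Sysmon: CommandLine


# Constructed events mirroring the report's tree (2676 -> 2424 -> 2104),
# plus one benign launch that must not trigger anything.
SAMPLE_EVENTS = [
    ProcEvent(2676, 1000, r"C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe"'),
    ProcEvent(2424, 2676, r"C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe"'),
    ProcEvent(2104, 2424, r"C:\Windows\system32\cmd.exe",
              r'C:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\Good_Hits_Parser.exe" '
              r'"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"'),
    ProcEvent(3000, 1000, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]


def startup_copy_via_cmd(ev):
    """cmd.exe copying or moving something into the per-user Startup folder."""
    return (ev.image.lower().endswith("\\cmd.exe")
            and COPY_RE.search(ev.cmdline) is not None
            and STARTUP_RE.search(ev.cmdline) is not None)


def self_respawn_from_temp(ev, by_pid):
    """A process under %TEMP% whose parent is the very same image path."""
    parent = by_pid.get(ev.ppid)
    return (parent is not None
            and parent.image.lower() == ev.image.lower()
            and TEMP_RE.search(ev.image) is not None)


def detect(events):
    """Return (pid, rule) hits. The chain rule fires only when the Startup copy
    is a child of a respawned Temp process, which is the high-confidence case."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if startup_copy_via_cmd(ev):
            hits.append((ev.pid, "startup_folder_copy_via_cmd"))
        if self_respawn_from_temp(ev, by_pid):
            hits.append((ev.pid, "self_respawn_from_temp"))
    respawned = {pid for pid, rule in hits if rule == "self_respawn_from_temp"}
    for ev in events:
        if startup_copy_via_cmd(ev) and ev.ppid in respawned:
            hits.append((ev.pid, "chain_temp_respawn_then_startup_copy"))
    return hits


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

The self-respawn rule is noisy on its own, since many installers and single-file bundlers start a second copy of themselves, so it is only used to raise confidence when the Startup-folder copy descends from it. The Startup-folder copy rule is worth alerting on by itself: there is little legitimate reason for cmd.exe to copy an executable out of %TEMP% into that directory.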
Network

(no entries shown in this report)

MITRE ATT&CK Matrix

The report lists no matrix entries. The signatures above correspond to Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001) for the copy into the per-user Startup folder, and Debugger Evasion (T1622) for the NtSetInformationThreadHideFromDebugger call.
Downloads

Dropped files available from the report. Only sizes and hashes are recorded; file names and paths are not shown.

- Filesize: 87KB
  MD5: 0e675d4a7a5b7ccd69013386793f68eb
  SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
  SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
  SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

- Filesize: 82KB
  MD5: 70a3a9e6d086a965bd164eb171f3f537
  SHA1: a85dea115761d8a85ea08004fa65d975bbf37fdc
  SHA256: 5294b29c8130bad79b0a4ba9007f076843ebd35df6317b90ec9822f0ba3d8b57
  SHA512: 447937793cbbe64025db3f3a51cc2124fc73a418aa690db1ff5290edd4deac6a34d894653a33356e1d7ea3fdfcde801c9daa00873c0409d2223217d403c954a0

- Filesize: 121KB
  MD5: 9082abcff2c89a406e7eddc1a1d4afd9
  SHA1: b114950c87dd1c544cf02704f5164a315993a716
  SHA256: 591392e5c488defdcfb179bc0db96504577e2122370ae480e840a90d53ce3f44
  SHA512: 3176d9898c77bb766679242c9667516868b25eadf59d7b92fe751d3bb81a9f4b68472df0d6234b159f27ca1503de29f574bd09b072cd38f503c8d5348d9dd4f5

- Filesize: 246KB
  MD5: 24919c42c43d9ef08d4e372c339d9e47
  SHA1: 4ed83cdab8830605a7bb75cb03a5764b8ee5c886
  SHA256: d8e4150517435b30913f4016df052dc7409d0e2b69b5f24333c274d504c4633f
  SHA512: d2b8a9eed20e27390b47b23140feac340cf448c5c4b5deefe3e42f91e1b3482be1cffa5499b0c062e36ecea8990bea2523dbbef58acc816d3a0f89eddbab5ff1

- Filesize: 1.1MB
  MD5: 95c20648ce0e148bd37f50f17a644b85
  SHA1: eeab8f64d983cc868660a7a249257ab9839d3d1e
  SHA256: 1c1bf407c0bc7270f7bee57ae3c7f5a37a837f940ba7aca9561ab88e5678d7b5
  SHA512: 32f8e2c77cc7015bd4f5b79a52dd540e1e1cbb40824857e95e1e9575979a225aff6bbcd69fa2fdd515c42256f5d241c04c89e8b8debb84aa8995c8404d918ad5

- Filesize: 77KB
  MD5: 458f0f0ed8d16019d7c2d157bddea94b
  SHA1: d21848e4ebafac0b9e9ca8d71e4f8cd2b5aaca57
  SHA256: e6bdbe5d5d66c9790e490f6dbb695ca87a9acffa51c4a37d2948b7f1ba2c8b42
  SHA512: 00eb3c535a0074765f146523b0bb6f16360609a13a38579b19a2635590c2d947c5eaa7e78e7a9324b3670c505d6310e75e78f7e6fdadc23aa12ad165bdfccc69

- Filesize: 1004KB
  MD5: bbce7d385200a3ffb1f829b97c6cb954
  SHA1: e5f93ab3c9738ade92b2a5df7d15e4476cd567d8
  SHA256: e9b2832e35d7d58f9bdd30fd5540ac2a167aa5f10938aa1d15c57e2810dc5ce9
  SHA512: 6fadf644c93504ba7647c986e61c76badec777db0b987d6653221b7b56f06b6855c671c78ac5edff518960e277f2f0e674de9751e7177b3898085ed0a4709ecd

- Filesize: 32KB
  MD5: eef7981412be8ea459064d3090f4b3aa
  SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
  SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
  SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

- Filesize: 4.0MB
  MD5: 9e3ded73b6263b671a1d6c98256b721a
  SHA1: 814045f7a2be0ab7a8d34dc8156ba9ca06253ab9
  SHA256: 215e4f42658a1ba952197a3973ebafd2cd1d40a41c335ae376feacbcf5b04e87
  SHA512: 8323ffb40bbaee89b1a3f1a160a24776394591ed21dc63ccb82bece7b9a1fdc2c10404eb9f3f94bae730c57bdfd99210f67a532f789f5e5c5ea14fe76b3ad05b

- Filesize: 699KB
  MD5: eaafa2b6768a7d23494b95e897a56ca4
  SHA1: c4dc648ead5ae0c45abd1a22db76a3aef4469337
  SHA256: c238f7991cc7a0e2a707d2dd59b800951ea92ec15c3e6c2b1e0229adb8cec1a1
  SHA512: aa4edb0d8194ae0069d3938cdfef14e91adaee0a746713a7f39d5169fa298727014c7995a00ef2bc0cd77e6a25ed5fb415cac3f0add2dd04ac90be29059a0e31

- Filesize: 146KB
  MD5: 4bfa43585ad0f9b7ac5858cf2c0b4963
  SHA1: f3e34e2d5748bdc1f49cc665342ee66662919873
  SHA256: 455682c2212474ae895bfb931ffd7d1d15993451bdbe65ace820c9e747ca3490
  SHA512: d2346b871f06adfcb115a97e2b04be3d49f16bf2e92eab303e9eabd562e50f95307c8ea7a2f0541579224648fb3938a58d1c31e2248a5c6fcbc5d359d6864cc8

- Filesize: 137KB
  MD5: 64fec318efd64fa98ea427a70c02c808
  SHA1: f6e9ba6a4ce4d300f63004aee6ca967363cc68a1
  SHA256: e000f1d7dd22a0a6e87160c633fdd5e35ce8e1e367d612a870f4428ab84af10a
  SHA512: 6f6daff5f9be46ba1bd312d8be2bb9a5be1fda9f4d1603f528286290b907c5ff6e21939e62e3f101b30bb173519e39d0e00c5157c89093c52ab036d95ee9a758

- Filesize: 157KB
  MD5: 251b0d5fa4148895cbbc1228b4af81f8
  SHA1: 1de857df0012898449ed96d49660d36843512b9a
  SHA256: 0178f47c605bdc97d77b7ebee70231a2520a085203b6a6e30aa2a11853eb2f07
  SHA512: c2d6dcdc67771cc6d102537b3e246e8c6e5f401a473e843279425f7af5bb8be425197ec0568acb5bff0b6ea9671bb0584af88da1f1a9ae72df10db1c40e94cd4

- Filesize: 26KB
  MD5: ac8caceeaa28137a14784563d126ed7e
  SHA1: 4dcbe48eaa53d5c7d91c420df823dbff54f4da5f
  SHA256: 8e6d1a33b16dcc3922f7159a30ff596194a59b4a8fb5f9864517f03fd19f2c78
  SHA512: b67bff989af102f5087d95993e9bd57c6808e401979707bc2d33b386326b964abb71f497d82747725fb040a1d337ee453a1d57c37b72fdc06f7ea7687dda8f12
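To hunt for these artifacts on a host or file share, hash every file and compare against the SHA-256 values in the General and Downloads sections. The Python below is an added example, not anything from the report; the IOC set is copied from the report, while the directory walk, chunked hashing, the match format and the C:\Users default for locating per-user Startup folders are this example's own assumptions. Because the report does not record the dropped files' names, matching is by content hash only.

```python
"""Sweep a directory tree for files whose SHA-256 matches an IOC from this
report. Added example, not part of the sandbox report. IOC_SHA256 holds the
sample's hash plus the 14 dropped-file hashes from the Downloads section."""
import hashlib
import os
from pathlib import Path

IOC_SHA256 = {
    # Good_Hits_Parser.exe (the submitted sample)
    "8e27c0148a54e406f3078db8fb26e427f466b1dd3443000fc8f81b756a1550c0",
    # Files listed under Downloads (names not given in the report)
    "bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1",
    "5294b29c8130bad79b0a4ba9007f076843ebd35df6317b90ec9822f0ba3d8b57",
    "591392e5c488defdcfb179bc0db96504577e2122370ae480e840a90d53ce3f44",
    "d8e4150517435b30913f4016df052dc7409d0e2b69b5f24333c274d504c4633f",
    "1c1bf407c0bc7270f7bee57ae3c7f5a37a837f940ba7aca9561ab88e5678d7b5",
    "e6bdbe5d5d66c9790e490f6dbb695ca87a9acffa51c4a37d2948b7f1ba2c8b42",
    "e9b2832e35d7d58f9bdd30fd5540ac2a167aa5f10938aa1d15c57e2810dc5ce9",
    "f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081",
    "215e4f42658a1ba952197a3973ebafd2cd1d40a41c335ae376feacbcf5b04e87",
    "c238f7991cc7a0e2a707d2dd59b800951ea92ec15c3e6c2b1e0229adb8cec1a1",
    "455682c2212474ae895bfb931ffd7d1d15993451bdbe65ace820c9e747ca3490",
    "e000f1d7dd22a0a6e87160c633fdd5e35ce8e1e367d612a870f4428ab84af10a",
    "0178f47c605bdc97d77b7ebee70231a2520a085203b6a6e30aa2a11853eb2f07",
    "8e6d1a33b16dcc3922f7159a30ff596194a59b4a8fb5f9864517f03fd19f2c78",
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a 37 MB sample need not be read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, iocs=IOC_SHA256, follow_symlinks=False):
    """Walk `root` and return (path, sha256) for each regular file whose hash is in `iocs`.
    Unreadable files are skipped so one locked file does not abort the sweep."""
    matches = []
    for dirpath, _dirs, files in os.walk(root, followlinks=follow_symlinks):
        for name in files:
            path = Path(dirpath) / name
            if not path.is_file():          # sockets, broken links, etc.
                continue
            try:
                h = sha256_file(path)
            except OSError:
                continue
            if h in iocs:
                matches.append((str(path), h))
    return matches


def user_startup_dirs(users_root=r"C:\Users"):
    """Per-user Startup folders (the location the sample wrote to), to sweep first.
    The users_root default is an assumption for a standard Windows install."""
    suffix = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")
    root = Path(users_root)
    if not root.is_dir():
        return []
    return [p / suffix for p in root.iterdir() if (p / suffix).is_dir()]


if __name__ == "__main__":
    import sys
    targets = sys.argv[1:] or [str(d) for d in user_startup_dirs()]
    for target in targets:
        for path, h in sweep(target):
            print(f"IOC match: {path} sha256={h}")
```

Run it with no arguments to check every user's Startup folder, or pass one or more directories to sweep them. Hash matching only finds byte-identical copies; a rebuilt or repacked sample will have different hashes, so pair this with the process-chain detection rather than relying on it alone.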