Overview

overview

8

Static

static

3

WinToHDD.exe

windows7-x64

8

WinToHDD.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinToHDD.exe

  • Size

    4.2MB

  • MD5

    014aa780de21687de83ddbe0f55ab183

  • SHA1

    5bec95741a8e45d59c413e27200c92b8fdb6b2e2

  • SHA256

    9deb4058accce9ad4ff96ca98b6aec86a132f18bbeee769892c30d0eaf99aac0

  • SHA512

    efc081be99a6b4c84af2b12baff2160ae38923161059e1487141c096af7d856be248bb5901554eefd1db1a26200d129de90b62d50f58de031b2a03e3eda9e802

  • SSDEEP

    98304:U0aEiQ9wb2ZEPzO9Sv/9Ntx3EaXm11r7hvc1+d4tuFUtWc/:U0ayAUumjri1S4tTH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinToHDD.exe
    "C:\Users\Admin\AppData\Local\Temp\WinToHDD.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\Users\Admin\AppData\Local\Temp\is-KP946.tmp\WinToHDD.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KP946.tmp\WinToHDD.tmp" /SL5="$50214,3993088,129536,C:\Users\Admin\AppData\Local\Temp\WinToHDD.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-E0QB4.tmp\unins000.dll
    Filesize

    727KB

    MD5

    12941f016b258966b342661b49419ed7

    SHA1

    a6141b481082764c3b93bab89c70b8baa8843d62

    SHA256

    1e4590840965cb06f42143399ab21bcd175b9485fe81a957ce4fb4d74163d042

    SHA512

    034d5832423730e12abc4d52a530a3a3b6b4e348bf6db3fc243447e52efe9ed081c8f27a905512597a5777f313a6545bf06e2a4a46004da7db518508abdadd24

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KP946.tmp\WinToHDD.tmp
    Filesize

    1.1MB

    MD5

    8d26c1218f9a13e299afd3bf14d3cd2b

    SHA1

    f14f35d476cf3ea77d8c619897f8c83b6c9e1841

    SHA256

    709594600576cd98d424bae6fc20dde18af871a24f9bce0e02386affdf105693

    SHA512

    7ef546c066f8a4121dbb7240d154121991fb9bb55dd56b891d1696113889a21d2be50f4301abfd3cfd0ee816dae70abc9ddf9845ccd46720c961f4ecdc450f11

    Download Submit

  • memory/1140-6-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1140-16-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4736-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4736-2-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4736-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download