Analysis

  • max time kernel: 120s
  • max time network: 125s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 09/06/2024, 07:52

General

  • Target: OpenHashTab_setup.exe
  • Size: 10.3MB
  • MD5: 49356c6f4ece9852430d888542883102
  • SHA1: 11f025d8f43d5411312eed035b09c813d01d7cab
  • SHA256: 9966e3ed6693dfc42904a2aaa1b294a2cd1edd059ef795729a76956cc21cd239
  • SHA512: 52e8fbb83b1f99bbc58b97eeed7bcda0053888e3423e608f3e09762313a6d0bfee78d353ea36048971ccf68086ca1879cfe5000d608b18148686741d9b5bd15c
  • SSDEEP: 196608:NA/XXiLssSWCVCbfgj0UFw/uRPl45Pqp65yT9v3rN7sW58NTL:2/HiMWuCb4gePlSPqp3x3r9cNv

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OpenHashTab_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\OpenHashTab_setup.exe"
    PID:856
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\is-TKQOK.tmp\OpenHashTab_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TKQOK.tmp\OpenHashTab_setup.tmp" /SL5="$70120,9830692,832512,C:\Users\Admin\AppData\Local\Temp\OpenHashTab_setup.exe"
      PID:1676
      • Executes dropped EXE
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:1732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-TKQOK.tmp\OpenHashTab_setup.tmp
    Filesize: 3.1MB
    MD5: 0ad5f016db8d7c911ba2bd2470fa707c
    SHA1: f2a546b69086c0e6f58ed101306b260ed6572d41
    SHA256: 0578254906516cdcf2237fe7793c80643e1793b063f82be214b04c57515c36e2
    SHA512: cff8782dbe8891d4b53ef596b0f5b3b8e7455f1d1de3ba0937a979ad5f483f23e324a2d90846a64e0c506eb7bcba2bf9f358f952e00b8d8c2d4a6982d008f389

  • \Users\Admin\AppData\Local\Programs\OpenHashTab\AlgorithmsDll_AVX.dll
    Filesize: 415KB
    MD5: 8c8d31710423915facaf2f9eecf3f05a
    SHA1: f03a6fc79991b09492ab2801a74c90a34ed8132c
    SHA256: 09193aa394884b51e246080c8677779c05d900c5338fbfb9c4a45e075109212b
    SHA512: 40bfa84c9a604bf48027fba9aa5c1147c543c6de2e00d44bbdba6dd8176651fdc9f5f5e36ad393398c3d32c737d912887c4771878d3d46d42920e14f84c4cdf8

  • \Users\Admin\AppData\Local\Programs\OpenHashTab\AlgorithmsDll_AVX2.dll
    Filesize: 459KB
    MD5: 464e0d21c1146e5055f8d585f14e7698
    SHA1: a97d691ad14d262a5fe465087760716adca52433
    SHA256: 208fa335987d1f9a3daaab317d38f2c7dbc8c2eccada5b801d37c4008a5bf363
    SHA512: 87ac0e3805bd0ba4e853087e7d0adccfd9661ccc880951f2f26d8be9e7c22407e541a5008d3442829e5d5c8523926b2a101cd0e198efce9b4152cecb411f4718

  • \Users\Admin\AppData\Local\Programs\OpenHashTab\AlgorithmsDll_AVX512.dll
    Filesize: 451KB
    MD5: f8be4899d77a7a8bf9ff9b8ad1dc264f
    SHA1: 9dd0008dfe8bf9ff0325e892ce445121e4513237
    SHA256: 60bbc0e3f6d9a129eb17e1c8395f027b4bfc03d9cd637b8577033ef59df80f6c
    SHA512: 2be3b5652536ee7c9cabf9019271639d4e02c67f8ba6c6e696074113b8be8f5d2f4368a64f6104552963748d47524ad8a11792dad5fff52dcfb97c056ca7f0bd

  • \Users\Admin\AppData\Local\Programs\OpenHashTab\AlgorithmsDll_SSE2.dll
    Filesize: 374KB
    MD5: 8d15352ee978639c38fe10c7685c54d0
    SHA1: d2af35377c0bca45e3174f6079f749345d9eb36e
    SHA256: 7688bb081b8284d79efb47de464863e00c4d1ce92f82e26ab9684a9934ee2c04
    SHA512: cce27b696af8a47dcbe00d0f679d5c310d53af40648b181e4254abbca9fdc7127cbbbb4de33117abe70ea076c19b835a1b8e42e061663ee4393e949ef1096e9a

  • \Users\Admin\AppData\Local\Programs\OpenHashTab\OpenHashTab.dll
    Filesize: 907KB
    MD5: 20e816a518b540c57b20e602b9b80815
    SHA1: 8bf329a5f89079738084dd0cdc13a87c8d22d737
    SHA256: 4d106bb9f1d43fd17c9f710dc6e9a8d6962d4c6adf3306fce1ed96bc08f6f02b
    SHA512: b5de9bd67360a5674b505eb2dcd736b9fed3f58185fe015731b550e87a6455fec8744d46265ced0ebea9ef032df4b65d953f74fca2770fab296e9f14fdf06cb0

  • memory/856-0-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB

  • memory/856-59-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB

  • memory/856-10-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB

  • memory/856-2-0x0000000000401000-0x00000000004B7000-memory.dmp
    Filesize: 728KB

  • memory/1676-16-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1676-55-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1676-58-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1676-14-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1676-9-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1676-8-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB