Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/07/2024, 01:14

General

  • Target

    ha_xint4.3_lrh.exe

  • Size

    1.6MB

  • MD5

    4c681c1239ac9086192366c135d8a9b3

  • SHA1

    9e7508a280db5e04fa8bef84f5b5dbd19cc5f0a9

  • SHA256

    abd71b64b053593bb7a8166015edf834ee27da71d90d47ccba62b907af725042

  • SHA512

    3ebb923ff80cc27a33176dffbfd02d98008ed90e80d40668cccdde471267c04fcf8dfb111b89212666fc0329ee16a3fb88332d813d5d937e5e2ad6db97af5abf

  • SSDEEP

    49152:JtecOLoLmU1pnAajBV+NjvqcSp5QtUUHlbm0btsCWfJk6iP:77L3HA7HO+tUAlb/4Jk6S

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ha_xint4.3_lrh.exe
    "C:\Users\Admin\AppData\Local\Temp\ha_xint4.3_lrh.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso175A.tmp\ioSpecial.ini

    Filesize

    661B

    MD5

    d3f8b066538924ac38299898818e29a2

    SHA1

    4b709597601de76a0fda35ac54237b1d968d46f3

    SHA256

    184566dd472bcbb753b63c11f0f221cbf28b33d0a8756def981b0fbd457cce9a

    SHA512

    8c51dba3851c89b7968d7d6a01edce626fd2dc51b4001775fc12ce067a8da85cab250d8705824e4b97f2b96506bffde44e88f2b1adb9b7278713bddb0a0c9b19

  • \Users\Admin\AppData\Local\Temp\nso175A.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    83304a78d2b6ea45ea8404f4cd78721f

    SHA1

    d5c5d19653c751c08579dd094bcc9fef1841af00

    SHA256

    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

    SHA512

    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

  • \Users\Admin\AppData\Local\Temp\nso175A.tmp\System.dll

    Filesize

    10KB

    MD5

    d4d09da0218ba046a66a294f0cca9dfe

    SHA1

    417b1acdeb0a4de6ac752a93080ca5b9164eb44b

    SHA256

    9090e47d239aa1da9598a483861165e0153c01ad9ff9d65cb6c0f4497a1da5b3

    SHA512

    3bc9a65842301dab56c139cc5a3457158d37ef294583728c93da1e11ae457df9551b0f8fbd03d5ea3058f3bc794d0ede57ea3efd5d663b45d25647a39cd955bf

  • memory/2192-0-0x0000000000400000-0x00000000004AC000-memory.dmp

    Filesize

    688KB

  • memory/2192-1-0x00000000008A0000-0x000000000094C000-memory.dmp

    Filesize

    688KB

  • memory/2192-2-0x00000000008A0000-0x000000000094C000-memory.dmp

    Filesize

    688KB

  • memory/2192-102-0x0000000000400000-0x00000000004AC000-memory.dmp

    Filesize

    688KB