Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    04/07/2024, 01:14

General

  • Target

    ha_xint4.3_lrh.exe

  • Size

    1.6MB

  • MD5

    4c681c1239ac9086192366c135d8a9b3

  • SHA1

    9e7508a280db5e04fa8bef84f5b5dbd19cc5f0a9

  • SHA256

    abd71b64b053593bb7a8166015edf834ee27da71d90d47ccba62b907af725042

  • SHA512

    3ebb923ff80cc27a33176dffbfd02d98008ed90e80d40668cccdde471267c04fcf8dfb111b89212666fc0329ee16a3fb88332d813d5d937e5e2ad6db97af5abf

  • SSDEEP

    49152:JtecOLoLmU1pnAajBV+NjvqcSp5QtUUHlbm0btsCWfJk6iP:77L3HA7HO+tUAlb/4Jk6S

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\ha_xint4.3_lrh.exe
    "C:\Users\Admin\AppData\Local\Temp\ha_xint4.3_lrh.exe"
    • Loads dropped DLL
    PID:1644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsh57C7.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    83304a78d2b6ea45ea8404f4cd78721f

    SHA1

    d5c5d19653c751c08579dd094bcc9fef1841af00

    SHA256

    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

    SHA512

    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

  • C:\Users\Admin\AppData\Local\Temp\nsh57C7.tmp\System.dll

    Filesize

    10KB

    MD5

    d4d09da0218ba046a66a294f0cca9dfe

    SHA1

    417b1acdeb0a4de6ac752a93080ca5b9164eb44b

    SHA256

    9090e47d239aa1da9598a483861165e0153c01ad9ff9d65cb6c0f4497a1da5b3

    SHA512

    3bc9a65842301dab56c139cc5a3457158d37ef294583728c93da1e11ae457df9551b0f8fbd03d5ea3058f3bc794d0ede57ea3efd5d663b45d25647a39cd955bf

  • C:\Users\Admin\AppData\Local\Temp\nsh57C7.tmp\ioSpecial.ini

    Filesize

    661B

    MD5

    ea2f0663b56d1eb35841a17dea89922a

    SHA1

    8ddb65ab4d588e64d114c7d85641d94214ef703e

    SHA256

    bc9a11b3ad5ca2fd705e0aee0f101e1b1a5caf17be18885dac2418d5a8d566e4

    SHA512

    9314ceaad2838564abd0c556856eae34af6a45653d658c18188790c388c1fa8a563556148b77ce2bde7bc6f6f4201b43f5f0d423c3726c3debe0565ab9294392

  • memory/1644-0-0x0000000000400000-0x00000000004AC000-memory.dmp

    Filesize

    688KB

  • memory/1644-100-0x0000000000400000-0x00000000004AC000-memory.dmp

    Filesize

    688KB