Overview | overview | 10
Static | static | 7
ha_xint4.3_lrh.exe | windows7-x64 | 7
ha_xint4.3_lrh.exe | windows10-2004-x64 | 7
$PLUGINSDI...ns.dll | windows7-x64 | 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3
$PLUGINSDI...nu.dll | windows7-x64 | 3
$PLUGINSDI...nu.dll | windows10-2004-x64 | 3
$PLUGINSDI...em.dll | windows7-x64 | 3
$PLUGINSDI...em.dll | windows10-2004-x64 | 3
$PLUGINSDIR/nsweb.dll | windows7-x64 | 3
$PLUGINSDIR/nsweb.dll | windows10-2004-x64 | 3
$TEMP/123.exe | windows7-x64 | 7
$TEMP/123.exe | windows10-2004-x64 | 7
$TEMP/noui.exe | windows7-x64 | 7
$TEMP/noui.exe | windows10-2004-x64 | 7
$TEMP/zwsw.exe | windows7-x64 | 8
$TEMP/zwsw.exe | windows10-2004-x64 | 8
ReplacingNotepad.bat | windows7-x64 | 5
ReplacingNotepad.bat | windows10-2004-x64 | 5
uninst.exe | windows7-x64 | 7
uninst.exe | windows10-2004-x64 | 7
xint.exe | windows7-x64 | 10
xint.exe | windows10-2004-x64 | 10
非常世....url | windows7-x64 | 1
非常世....url | windows10-2004-x64 | 1
Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 04/07/2024, 01:14
Behavioral task | Sample | Resource
behavioral1 | ha_xint4.3_lrh.exe | win7-20240221-en
behavioral2 | ha_xint4.3_lrh.exe | win10v2004-20240508-en
behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20240508-en
behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20240508-en
behavioral5 | $PLUGINSDIR/StartMenu.dll | win7-20240508-en
behavioral6 | $PLUGINSDIR/StartMenu.dll | win10v2004-20240611-en
behavioral7 | $PLUGINSDIR/System.dll | win7-20231129-en
behavioral8 | $PLUGINSDIR/System.dll | win10v2004-20240611-en
behavioral9 | $PLUGINSDIR/nsweb.dll | win7-20240611-en
behavioral10 | $PLUGINSDIR/nsweb.dll | win10v2004-20240611-en
behavioral11 | $TEMP/123.exe | win7-20240221-en
behavioral12 | $TEMP/123.exe | win10v2004-20240611-en
behavioral13 | $TEMP/noui.exe | win7-20240611-en
behavioral14 | $TEMP/noui.exe | win10v2004-20240611-en
behavioral15 | $TEMP/zwsw.exe | win7-20231129-en
behavioral16 | $TEMP/zwsw.exe | win10v2004-20240508-en
behavioral17 | ReplacingNotepad.bat | win7-20240508-en
behavioral18 | ReplacingNotepad.bat | win10v2004-20240508-en
behavioral19 | uninst.exe | win7-20240419-en
behavioral20 | uninst.exe | win10v2004-20240508-en
behavioral21 | xint.exe | win7-20240508-en
behavioral22 | xint.exe | win10v2004-20240611-en
behavioral23 | 非常世纪资源网.url | win7-20240611-en
behavioral24 | 非常世纪资源网.url | win10v2004-20240611-en
General
- Target: ha_xint4.3_lrh.exe
- Size: 1.6MB
- MD5: 4c681c1239ac9086192366c135d8a9b3
- SHA1: 9e7508a280db5e04fa8bef84f5b5dbd19cc5f0a9
- SHA256: abd71b64b053593bb7a8166015edf834ee27da71d90d47ccba62b907af725042
- SHA512: 3ebb923ff80cc27a33176dffbfd02d98008ed90e80d40668cccdde471267c04fcf8dfb111b89212666fc0329ee16a3fb88332d813d5d937e5e2ad6db97af5abf
- SSDEEP: 49152:JtecOLoLmU1pnAajBV+NjvqcSp5QtUUHlbm0btsCWfJk6iP:77L3HA7HO+tUAlb/4Jk6S
Malware Config
Signatures
- Loads dropped DLL (6 IoCs)
  pid | Process
  1644 | ha_xint4.3_lrh.exe
  1644 | ha_xint4.3_lrh.exe
  1644 | ha_xint4.3_lrh.exe
  1644 | ha_xint4.3_lrh.exe
  1644 | ha_xint4.3_lrh.exe
  1644 | ha_xint4.3_lrh.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads