858bdc7b94a957a182492a2d21e096b2fb2ab5317ae9e3e882243ad80953227e | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-07-2024 22:54

Sharing

Report Analysis Logs

General

Target

hacn.exe
Size

24.0MB
MD5

70d8f32540470db5df9d39deed7bd6cb
SHA1

a14147440736d4f1427193cd206f519890b9f2f2
SHA256

858bdc7b94a957a182492a2d21e096b2fb2ab5317ae9e3e882243ad80953227e
SHA512

522fc6bc180c5e9e7bc60ece7404162692f0a7902923465082cf5449bc9d2f247b8e7d60f7f0bf5a24bf98fc07826b743a49b71eba406f6073990c3355944870
SSDEEP

393216:VDfDoc6nS0ns/xgsJpQZ4qx0LVRCOIv09pgtmRFb4hOpLsLWV9hf4g:Vb7gnsWs/k4qIov09L8E9s6h

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

hacn.exe

pid process

2748 hacn.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

hacn.exe

pid process

2748 hacn.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

hacn.exe

description	pid	process	target process
PID 2660 wrote to memory of 2748	2660	hacn.exe	hacn.exe
PID 2660 wrote to memory of 2748	2660	hacn.exe	hacn.exe
PID 2660 wrote to memory of 2748	2660	hacn.exe	hacn.exe

C:\Users\Admin\AppData\Local\Temp\hacn.exe
"C:\Users\Admin\AppData\Local\Temp\hacn.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\hacn.exe
  "C:\Users\Admin\AppData\Local\Temp\hacn.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26602\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit