Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 01:02

General

  • Target

    LisectAVT_2403002B_191.exe

  • Size

    767KB

  • MD5

    e5abfd692dfbe2e054b12d6c8758bd4a

  • SHA1

    18a4b6f44fce7c7fb68a953d3044f2b5a61108ab

  • SHA256

    a8fb63a86d620269b9e8179351f3c85d74b5c526cc4fc4ded6fcd3a1977ec936

  • SHA512

    e1d5a2ee4b0768961c21c1d917bcbff36a01b7b93d9b39d2200a94799679876164428548c8ba1611bbc64411aa516d64d8efcebd4d4b86ba513763e1bc73e41c

  • SSDEEP

    12288:Re1caCQXzPHUjF6eV7vbCfzYUjWuZwhG+BDMzwl:ReGQDP0j8Q7TCL2uZZUDMz

Score
10/10

Malware Config

Signatures

  • Detects HZRAT backdoor 4 IoCs
  • HZRAT

    HZRAT that is remotely accesses infected resources.

Processes

  • C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002B_191.exe
    "C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002B_191.exe"
    1⤵
      PID:1504

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1504-0-0x0000000000401000-0x0000000000413000-memory.dmp

      Filesize

      72KB

    • memory/1504-1-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB

    • memory/1504-2-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB

    • memory/1504-4-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB

    • memory/1504-6-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB