Overview

overview

3

Static

static

3

Hoic.rar

windows7-x64

3

Hoic.rar

windows10-2004-x64

3

Hoic/DUTCH...OM.txt

windows7-x64

1

Hoic/DUTCH...OM.txt

windows10-2004-x64

1

Hoic/Dutch...m.hoic

windows7-x64

3

Hoic/Dutch...m.hoic

windows10-2004-x64

3

Hoic/Gener...t.hoic

windows7-x64

3

Hoic/Gener...t.hoic

windows10-2004-x64

3

Hoic/butto...ns.rar

windows7-x64

3

Hoic/butto...ns.rar

windows10-2004-x64

3

buttons/4add.png

windows7-x64

3

buttons/4add.png

windows10-2004-x64

3

buttons/6266.png

windows7-x64

3

buttons/6266.png

windows10-2004-x64

3

buttons/666.png

windows7-x64

3

buttons/666.png

windows10-2004-x64

3

Hoic/butto...dd.png

windows7-x64

3

Hoic/butto...dd.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...66.png

windows7-x64

3

Hoic/butto...66.png

windows10-2004-x64

3

Hoic/butto...mbs.db

windows7-x64

3

Hoic/butto...mbs.db

windows10-2004-x64

3

Hoic/butto...dd.png

windows7-x64

3

Hoic/butto...dd.png

windows10-2004-x64

3

Hoic/butto...d2.png

windows7-x64

3

Hoic/butto...d2.png

windows10-2004-x64

3

Hoic/butto...d3.png

windows7-x64

3

Hoic/butto...d3.png

windows10-2004-x64

3

Resubmissions

31-07-2024 04:57

240731-flg26axflr 3

Analysis

  • max time kernel
    147s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2024 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hoic/buttons2/buttons.rar

  • Size

    59KB

  • MD5

    7d7495cdeb9b52f12d32460027782d0d

  • SHA1

    08c5ff013f5d0469a941bc3e3bc5446270d3f3ba

  • SHA256

    99344a350f7f78dee7b1e31d018a53ffc8b574271a78b35c0f8abfa2f804bd9a

  • SHA512

    b36a9f3b6cfd0c2c09901cefdca82d56bcc7727da4fa98c81877b341c187a4f54d7a3a282201f39cf3a6f2eccd5fd78921c476f9268c31612579d876a30c3f4b

  • SSDEEP

    768:p357+O35A351rJJ+35BA35J35Q+H35Zg35zbKD35hG35UD35k35hZPl635mjL35l:qNJ8SOQEPl5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Hoic\buttons2\buttons.rar
    1⤵
    • Modifies registry class
    PID:5000
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Hoic\buttons2\buttons.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2576-5-0x00007FF6E2EE0000-0x00007FF6E2FD8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2576-6-0x00007FFFE47A0000-0x00007FFFE47D4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2576-14-0x00007FFFE47F0000-0x00007FFFE4801000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-13-0x00007FFFE4810000-0x00007FFFE482D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2576-12-0x00007FFFECB60000-0x00007FFFECB71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-11-0x00007FFFE4830000-0x00007FFFE4847000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2576-15-0x00007FFFD4B70000-0x00007FFFD4D7B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2576-10-0x00007FFFE8720000-0x00007FFFE8731000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-9-0x00007FFFE9220000-0x00007FFFE9237000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2576-8-0x00007FFFE9300000-0x00007FFFE9318000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2576-7-0x00007FFFD4D80000-0x00007FFFD5036000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2576-22-0x00007FFFE4260000-0x00007FFFE4271000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-21-0x00007FFFE4280000-0x00007FFFE4291000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-20-0x00007FFFE42A0000-0x00007FFFE42B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2576-19-0x00007FFFE43C0000-0x00007FFFE43D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2576-18-0x00007FFFE43E0000-0x00007FFFE4401000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2576-17-0x00007FFFE4410000-0x00007FFFE4451000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2576-16-0x00007FFFD3AC0000-0x00007FFFD4B70000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2576-52-0x00007FFFD3AC0000-0x00007FFFD4B70000-memory.dmp

    Filesize

    16.7MB

    Download