Overview

overview

8

Static

static

3

Hi/Mapper.exe

windows11-21h2-x64

8

Hi/owo.exe

windows11-21h2-x64

5

Analysis

  • max time kernel
    30s
  • max time network
    110s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-08-2024 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hi/Mapper.exe

  • Size

    90KB

  • MD5

    16f11262ba1de7353ffa5760aa7afb61

  • SHA1

    776bfc94834af61c9103119b8b663a7e35549eb5

  • SHA256

    a1be2f49ffcb3ba2b87263a2cb76e1c376e7cedaebee8ad9995e98f16243cb69

  • SHA512

    f55fc268172af49e2def51f000964935baaeb6bc3c149f056ac4e25b47a0662e63016068f06e4e18b1f9d5f044b6c510631f507f789e7f99ce7a0e435645fd0d

  • SSDEEP

    1536:oUKG/o39iH05Za7H7N73kO2ZiMoaDDC682jeMHABuMd:oUK539K05A7Nyh182QkM

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hi\Mapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Hi\Mapper.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    PID:3256

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads