897155cc67dea5b3e363b37c8d890f92e2cd8070eb1a0626a0d8de193c06bb49

Analysis

max time kernel
145s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hurrun.exe
Size

608KB
MD5

0d9abb40bf010b674e9bd8420c646600
SHA1

9a0112ee0bcb6e817f6f8ca7d86b8b770887d3fc
SHA256

5108a8493e9f6bd20adf29426c2166a1e0056f11b35bad5b7a05443348fd85c1
SHA512

70fb169885a0057649442e77ee7663b404ee662121753aa4fcd5d0ee2f56a191c663eb0fe10fd10c2ea66dab873a2f6be593a1bc07204d4aa5930046a5931cdd
SSDEEP

12288:8W4ENBASDcRlt3IqT04eg8pe+b+LO+l7uqEqZB1KRZr:9hN2SK33g3bI+CLRlbE+TK

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral7/memory/2372-0-0x0000000000400000-0x00000000005DF000-memory.dmp	upx
behavioral7/memory/2372-6-0x0000000003E40000-0x0000000003EAD000-memory.dmp	upx
behavioral7/memory/2372-59-0x0000000003F20000-0x0000000003F2D000-memory.dmp	upx
behavioral7/memory/2372-90-0x0000000000400000-0x00000000005DF000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hurrun.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	hurrun.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe
Token: 33	2372	hurrun.exe
Token: SeIncBasePriorityPrivilege	2372	hurrun.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2372	hurrun.exe
2372	hurrun.exe
2372	hurrun.exe
2372	hurrun.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2372	hurrun.exe
2372	hurrun.exe
2372	hurrun.exe
2372	hurrun.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	hurrun.exe

C:\Users\Admin\AppData\Local\Temp\hurrun.exe
"C:\Users\Admin\AppData\Local\Temp\hurrun.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\setting.ini

Filesize
95B

MD5
f3b69db7b424764a05d7177ec9920bef

SHA1
689096b1630125d42b3431fd21881c3104b93cf4

SHA256
c5461c33e78df3ccee492faa4344d56ba01b141241e6fb39a10b2eb89dcf628c

SHA512
fe8b5f859ad719b42209970b5c72dd8fe0abc343a7d8e1512d117fc2da0964fc58b36d0f0052ac5172630beddd4ec54d0b0321e6c28e9e654018f20ac2b7b6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\setting.ini

Filesize
413B

MD5
50d6895310cd44b6331d6c7a8b1dbbbf

SHA1
777b39171add7d9a311b7cdce379622685117aba

SHA256
dd221ad6d487293693a9d373c8032adb8e08dcae2e9d0028cdff075d7b8c4b61

SHA512
23690b3b99562a9f58b55c4af4a3902c21fa78318ef2e2191ad34849b36eab468c792c7bd8d44f5ee685d2d7b7bef002297271dd38a76dc80cfc33ddbebb6725

Download Submit
C:\Users\Admin\AppData\Local\Temp\setting.ini

Filesize
406B

MD5
054f1fac4f81b38f67900ad1fcce4ff9

SHA1
88765afbfadc70af2c740674bbd36d7192352e4e

SHA256
10803492a39008b46b95787c84827e044a1d28653e53d8601333a67166ac0b50

SHA512
6e0a15500410a1bbd11cdaab18ef1550f985ecb311b31c856254aedc4b1b3b6686a9ab01380354ad181e790af8df70c721541813f10ac4b0a035524ed3c9bbbe

Download Submit
memory/2372-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2372-0-0x0000000000400000-0x00000000005DF000-memory.dmp

Filesize
1.9MB

Download
memory/2372-6-0x0000000003E40000-0x0000000003EAD000-memory.dmp

Filesize
436KB

Download
memory/2372-59-0x0000000003F20000-0x0000000003F2D000-memory.dmp

Filesize
52KB

Download
memory/2372-90-0x0000000000400000-0x00000000005DF000-memory.dmp

Filesize
1.9MB

Download
memory/2372-92-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2372-95-0x0000000003E40000-0x0000000003EAD000-memory.dmp

Filesize
436KB

Download