0f2df6e1548be0f53cf80c981571eff63ca5ec9944e2d3d10f502d25e0e3a73d

Analysis

max time kernel
31s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

htpcons.exe
Size

8.7MB
MD5

49584481076666bfd5ef31fd5d59b04a
SHA1

9fd7c53f31fe4fd2a93598080aa1e19710fcb650
SHA256

ef3954f7bae5df48f4d56e012f60f7fe68fe928f3101d745264e3af9a6a31856
SHA512

7db5c7597a1982c70e2f4a2e0ae3f427c32bfe954c54888827f9262910fbebb98551a8995f34051c20905d1469e08a733d5d0c8c3302ec96665195861ab006a7
SSDEEP

98304:kPF4yuSdxdYvFsidGS90QKlLG9O6g4K8khZKLpbaL2d:wigXYniloOGK8khZKV6S

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	htpcons.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskScheduler.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5008	htpcons.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe
5008	htpcons.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5008	htpcons.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4956	5008	htpcons.exe	91
PID 5008 wrote to memory of 4956	5008	htpcons.exe	91
PID 5008 wrote to memory of 4956	5008	htpcons.exe	91

C:\Users\Admin\AppData\Local\Temp\htpcons.exe
"C:\Users\Admin\AppData\Local\Temp\htpcons.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Users\Admin\AppData\Local\Temp\TaskScheduler.exe
  "TaskScheduler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
83f76b55c31398c725108594412046f9

SHA1
cd00c086e3774657deca6a1527d109b3ae39812e

SHA256
7c265798a76c04928b4d8a1b1478943fcbca151f1e29cb92673f816cb9ee2037

SHA512
8782645274aad6fa456887cd726594547ecaadb8c95c4fa7d81ad94a3acd2f57878d44a4a7df0cf9b6a39a0659902196206190f0c180d85f82fe867bc237a32d

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
e5ea2ca56fccd7a46c1eb69eaf1185af

SHA1
467a5c45cd45ed430caffebb5ca723b227d4f94f

SHA256
73d289a44a20d115605faeb1f3fb044b4529dad94f76793771980b0e71d752a5

SHA512
7c42b859aefcf9a377474a7fd853423a0e45cebe72476980a2edd0b33cedf5e065d1d5fecfb84a08bac894f7b21db753f697fda06c8e0059eaa3d31b2ddf70a6

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
f2275cf2056408e9959145658fb378eb

SHA1
3e2ab9c5871670194add3daf02b39f63112d10e3

SHA256
2004d023b01bdf30dc3b9704517a03dfb5290b397fac65ff9d47ba722669f148

SHA512
e8acc33d86cfba5e34edfd17062000e87a351d1ef6f4003f640dfe6f157f02a7788f90fd019ab684108e5eeaf32dcaa65ca404bcf4cc21cbbc501e4bd48fb738

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
818548567b3ae1bdc3dbd558add5b1c5

SHA1
5eee757188f951949ee2d0c29ceec33a7ee0de0c

SHA256
1a1a61033045d93cd6c80bfc83a049fb26d506024075dbf8198530b9ce4940ae

SHA512
65e5e60c2c806a9412bcb3dc00ae2bca640c772043df260ded8d96e3f2caff3d4123b4dbf50e30477afe0a958d712fce72fa00a0e979380d32e4dbad54cd1d38

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
abb56d2143b114b0fcaca1027f5b9dc8

SHA1
db775b83fe73a7b003fd783ed589be679ffde25a

SHA256
aa7ba1b29416b7ea282e678d7525491676cbf5f1121ccbb91651d90de4415d8b

SHA512
38ea08007a3056229ec9867d8abb7f9210de3695fe67a464ee0c55dee07cc83682d04d8c1c4e2e3e31a8f3086d0ec4710c57fd399efa73b6be15f62f813ba74d

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
c2901d68166a3de5dd677c747b4bce63

SHA1
8feedf2e839bf6335e922cd9d26f9159f4c9bd09

SHA256
1440d22836d3e5e99964fe39ef3459db9bb3d534a50df1fab16968e2a6cdd4ea

SHA512
993c297bace4ee1ebc65f945272d9f1f825ca7ddf2cf014769a853726117857def1480904c87303dd0f0a6255b14ecfe74ae7fe0dee46adc7fbd187db5e06d01

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
3ce19c051ae56411f48878e8517c7622

SHA1
7c89ebf25faab7d9a92fd5020976ef0ad4370d77

SHA256
c982f10c59d38442e085a4aebcf74274592e36a1613696d0c54d2d6e2e6cbe8d

SHA512
572b959a8cf154f3a25d44d7de37131871d3cf6097aa68af5b2a1ab8d46ba441dcb9645ef5334e9176d27c97cdcce933fe56bc6f4f28c7bd3e59c94308b8c6df

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
c0812c9ca5a50c34fc8ea51084113f27

SHA1
e071cb1c1e3c3d19ac2c7448a99beccdb8e6b15b

SHA256
69e16c768bcd63a6bb23ad24f83205a3ba8912ba6ba084c99fb4a73747aa1664

SHA512
44853cda1df77685475a83cea40f795bd0c8b36e696143c5c5264ad2d746e5a7f26bfff8232723589a912b311f448cdc80a0c8ace7f3a6e6d89d82c50decf2c6

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
49852b4b8fb90666aa7e076a2cbd0b95

SHA1
96be40e380e312fea6b1c54f68a85ab85f0e2d53

SHA256
b81fd3bf11e275169117b35319f257f86b599ed2af5a75bf562b0e3be9ce0ab6

SHA512
e526186ef7a36fafe134166a4cdcc90def98245380e1a9790a3dbe0dc97f312d0db24662e777d24a59b871bc89ec7b38e8d579765c4ebb126ef2f52899763dd4

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
640eafc12c29b9c07da74ee24f88abef

SHA1
8fac4dcb4e116dbbc6c970b3ea034dc657c7f1a6

SHA256
1b1be55662295ffe6629357c7f6c45c6458f2b6c5e37d977122cfc6bfe2b3034

SHA512
91739bf63e8bf7cebf1ac1b730e0cc15a898b86d0a94eb219d68d73d31017a6bccac7702cf23c0319cc130e600b061b77478885b039ad4dcb2f9a6d3c92a5592

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
667954d041a7a27c033810a5325cab0e

SHA1
717f959c76628310c8fb586f7f858f1cce789705

SHA256
e47efe878c58c524aaecb5fc69a12e86240746847b075b3634d52e1366684654

SHA512
3c14a54a3eaf7d3d4c36b4ee21c0a1f24cd0ad8f0d55e257bfe12d3408ece81718622df1eceb6a65399cdeda5633999f71a4ea91b07f7a90b0b574908edd37f9

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
e78a28c90b7321607583168f7b0e1d3b

SHA1
f0989a2f3fff3854f3934cb3471647826245d07f

SHA256
aeee85895090297b7062ba9d55590ad99f9c1df51113b41a452b71b32600234e

SHA512
a58ee6d7d17e1aed2b46ed81995efc79163b35ec2bfc206e3bfa51cbdb8c70429a9a50f388ddb0ad468cb2c32fb747c17d9f11ba5b9fa40d2ebcd6148ca70143

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
7582e2bbe806b25ea23fe2dbd9215f65

SHA1
0c991416c26ab2eea8dce75f96aedeec2b6aaba6

SHA256
e6b9541ebb9c4a327cd31e6472328e3de5ba0e18842d5a51c602a88037a8a7b9

SHA512
b7043d8cd523caf393d55860c41e9d3f542ede06af31e4888a3aea5622a916986b84455ea385b8d2391949989cd0fb7f98751497952c938ec39ebf8c8f82f41d

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
644d355f89e8ae0430d75fea4dcfd423

SHA1
efd2b0032d6881351f4a07e74d4d236315d124d2

SHA256
253683e06ce67014150706ec8b9bfc8c5abfbbe9b6681954ad56fce3a47c870c

SHA512
e3d58f29bcc0ab8db1e11bbd307a06d12e21900c4bc4183122c2989541ebd3793aa9d74b5e342a485180a85c3f44138ec415569f3d1f73a472c8e806ed7d9b56

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
98941d1f3a7bcf58068fe746b8019a4d

SHA1
fee6c9f116cc9507e2fcb104c7da9eddde587cf7

SHA256
7665639e3af9151b2ba03b0cf14d233ffc3e745cc74ae2e1f364b8bf879cf803

SHA512
0fdbadd052b4b423068c7144e270a0ce56adb143488ea5ad8f004a94b7e48bbbc2644c778e4b0b25c392367df80371c94ed25a8b9e6b33cf433257f390d2c8bc

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
23B

MD5
9809115326166d2ba9d7be7f6753184b

SHA1
14235337df88a8a0f3ef391a021975c437dabafe

SHA256
3ff0c086cce4b88c5c934063f73232c42ef848a98d293719385aab7e40b7255d

SHA512
d4e76495f35bef035d6ec5fadbf70db4e67e582ac1de8d286b4d575f861ab972a599797a99f053f9af5034e2afbbe2fac381ce96b182a54cbe11fc050282fd51

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
8ba4b943c890770b50c9bce469c2cb28

SHA1
30b8c4fc9fb9165edd166b5b80a1c8d063d67291

SHA256
5d2a207995193b0d00c0d88f87e22a148a847cfc08df78d69a59262fea552f52

SHA512
4ca0135dda78ee29d3dc3bc962d63db333aa87c6f893df859fd8df3778981ee5f9c8cb2679ad921e26bfea2d7c7f1b7530c237407bcfedf4490db5841bf68142

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
79bba9ea0c6665ebb04ff7838e906d60

SHA1
8e9f938f5c86a732f1cfdba111ba1afbb33879a5

SHA256
e0dc14df808b9448245ea0ce7888d3a891e3c82cffbdcd4629e42aa18afa58e3

SHA512
6706667b355428b4a8b891f62e6fa50568d02e5bb61b6f47a0df8109ef3989c70158d4d09d65efb0b56b864e74232462c7d4e90d4372269965c5bde5e174dc23

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
1711526f8f7987a7104a0c490357b1e5

SHA1
33ad204a6d7dc50dee2dc0768d0f89fa89d7ac6f

SHA256
70e31d4394951682e848160f033f045caa4c21e6ef82d7a91cb7deeb50f07702

SHA512
71fbd93fe15bd056cf8929374fd005e824c291e40169cef973315f69b698b4d463a3decae490b37164dfe66029ccfacb70ec9c00955c166852312198d9f95cf2

Download Submit
C:\ProgramData\htpc\data22.dat

Filesize
22B

MD5
45732beb42894b68e147fc9d312377bd

SHA1
b2a012f0c33eb0a63bdea507553372730e3147f2

SHA256
b7fbc4a207c5c43bc9630bc22c067e77290d4fbd4613f5ea9e1cf3a873a55334

SHA512
1d87ae584b1260042761ea7baa267f629cde47e1f973da82cc9f0bfc45a868ce61043c7dff8b9551c4ea89b6cf94fb138f0b79b974f8fec808349f2e48631abb

Download Submit
C:\ProgramData\htpc\data6.dat

Filesize
55B

MD5
bc5d1d14649b49e04a804ded03df4b33

SHA1
d079ec96d7aee4acfb4945eee4e8f3d681c1c707

SHA256
4dbb80db93bf8167f53423d105855dc1ebf767211fcfe2d3e6480da37acd28e9

SHA512
e726fa7e53ea16471f4da44d123180b4c48904404896af62bf9d7206bbbf98ce732d4dc2ca85119969128a914f153e4ed9a87c8ad083e18e0114bec0e373712f

Download Submit
C:\ProgramData\htpc\data6.dat

Filesize
23B

MD5
7eeba9fb8ba0c33b93b692a13ad63d8e

SHA1
40980c3bc786736236ab09507a05cc1f51e4e1ff

SHA256
004b42c47028f9efe38f16fa260c432e23b936337776cff521af9b9c1837a4b6

SHA512
e138ee5beff9c3e9e89f324863da213cac160bcf4d77bf0d4e8e5944a12fa4f2f7debca5a5530f0f37158323d97c32dee7dc7babda3980d5d246b2a44dcdbe23

Download Submit
memory/4956-156-0x0000000000400000-0x000000000062F000-memory.dmp

Filesize
2.2MB

Download
memory/4956-157-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/4956-51-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/5008-222-0x0000000000400000-0x0000000000D74000-memory.dmp

Filesize
9.5MB

Download
memory/5008-145-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/5008-110-0x0000000000400000-0x0000000000D74000-memory.dmp

Filesize
9.5MB

Download
memory/5008-0-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/5008-79-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/5008-1-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/5008-328-0x0000000000400000-0x0000000000D74000-memory.dmp

Filesize
9.5MB

Download