cde01cf113690310fd5fca798cdf709e607e902a4d0d6fa6f89a3e388045043a

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3.3.5/The Hitchhiker's Hack 3.3.5.exe
Size

570KB
MD5

0f84359c5ba5a737ef25e836729f7870
SHA1

36f330ef890c237526929b959613982d3d035dab
SHA256

18a9c5470c79c4c8bd82be6e9e6de88af7f7974ec330bead199832946ed7290f
SHA512

e62435847a16132d29b248ff93eef6389680f5adc9d6a3fa8d0d2c5d156cca0b0b8d9e7f79c65e5c6cac1353b4983fe8a77aa4b8b0143d63df387b2a3361c101
SSDEEP

12288:1jkArEN249AyE/rbaMct4bO2/VJLderKPcP35ufB5ezFZg:KFE//Tct4bOs/q/3EazI

Score

5^/10

discovery upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1924-1-0x0000000000400000-0x00000000004E4000-memory.dmp	autoit_exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-0-0x0000000000400000-0x00000000004E4000-memory.dmp	upx
behavioral1/memory/1924-1-0x0000000000400000-0x00000000004E4000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	The Hitchhiker's Hack 3.3.5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1924	The Hitchhiker's Hack 3.3.5.exe
1924	The Hitchhiker's Hack 3.3.5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1924	The Hitchhiker's Hack 3.3.5.exe

C:\Users\Admin\AppData\Local\Temp\3.3.5\The Hitchhiker's Hack 3.3.5.exe
"C:\Users\Admin\AppData\Local\Temp\3.3.5\The Hitchhiker's Hack 3.3.5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/1924-1-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download