Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-12-2024 04:43
General
-
Target
HybridTroubleshooter.exe
-
Size
6.0MB
-
MD5
7b6bf2e9439976470abed7e28aeb7e50
-
SHA1
79ced0071d376428aa98d951e2524845bd1d87b1
-
SHA256
b3dff4a7df3913a8ba790c89e44526bb71951f7e9ca0d321b026080ff57780ee
-
SHA512
b4e0ebff67876398a38f2ef05c6d3b07443b311298549fa1681c49653b5f018b71f63af7d309ce40c6c2a2084572119c9aa02ffb44d4b4e4046a612ae105fa39
-
SSDEEP
98304:4jcZrXqkqSnWyL4afkhk9Y+YNwh1SMCJbzRnPJ8iE/56YiaDJ1n6hB0LncZMn:9R9L4ack9Y7m7SMYNPKBFn6hqgi
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\HybridTroubleshooter.exe"C:\Users\Admin\AppData\Local\Temp\HybridTroubleshooter.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\HybridTroubleshooter.exe"C:\Users\Admin\AppData\Local\Temp\HybridTroubleshooter.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5e7103e2bf67b33f3c866e944329ddd7b
SHA13bab461ec7782a4949964b591c14d8f3bacc1098
SHA256b36c67f6ab5dbe6104f4abf3f1c19a702af20d8bedcf9ef5e499dc84e62d6fbd
SHA512b45629330d0f67788b4c7f1ec61bce0b64f567d6bcfcbccb14289284672eee81d3d8f4036d58e9f24f3c86b5e67d2b5d58253d03249c4e151ac0a0ba2134d88b
-
Filesize
5.0MB