a9f2c4bc268765fc6d72d8e00363d2440cf1dcbd1ef7ee08978959fc118922c9

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 01:28

Target

HexaPort.dll
Size

514KB
MD5

2386ff4241e16fcca5481606a1424bf7
SHA1

f1d299336aac1a1314b36064ffa9ae12ebdb3e4c
SHA256

a9f2c4bc268765fc6d72d8e00363d2440cf1dcbd1ef7ee08978959fc118922c9
SHA512

5d31aec494217835d8da4c8b3b3a85c8aea148fa484ab2b348546154470aa96d64a205d4aa3909cc337b791a7daa2daea76a0c5b00660daef818e7883e078cdc
SSDEEP

12288:+lCodWFCE5bMQSuXYKwJCGZsv7y+eU6u:+lCodWFCwb/HwJh8HOu

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4164	msedge.exe

Unexpected DNS network traffic destination 18 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3456 set thread context of 4164	3456	regsvr32.exe	82

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 4164	3456	regsvr32.exe	82
PID 4164 wrote to memory of 3460	4164	msedge.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3460
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\HexaPort.dll
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    \??\C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    3⤵
    - Deletes itself
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4164

memory/3456-0-0x00000000027F0000-0x00000000029E5000-memory.dmp

Filesize
2.0MB

Download
memory/3460-12-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-13-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-14-0x0000000009150000-0x0000000009345000-memory.dmp

Filesize
2.0MB

Download
memory/3460-24-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-26-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-25-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-27-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-29-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/3460-31-0x00007FF8DF3A0000-0x00007FF8DF3A1000-memory.dmp

Filesize
4KB

Download
memory/3460-32-0x00000000033A0000-0x0000000003430000-memory.dmp

Filesize
576KB

Download
memory/4164-10-0x000001BDE9780000-0x000001BDE9810000-memory.dmp

Filesize
576KB

Download