6b9b0c2be545dc060c19760fb7437a2661c50797797faa167a4b00a9236d4f29 | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 06:36

Sharing

Report Analysis Logs

General

Target

HBCD/WinTools/7Zip.bat
Size

89B
MD5

6fd295a4c32bca6f7d6b43ef35867b8c
SHA1

2fa26fb806c945e35b53aee40f186147b6965591
SHA256

16873933aedb621f9f495259a034a0d8225cb37e6a1b2133ac5277e43ae3c680
SHA512

d1e88801d2a46b835286e7494ff63d19001df1dd5f0a0e6ea9bae03bbb6c2f2eaacd08c6df5461ee10ccc3423d199dd0220b540fd7a945ffa14438fac3c3f1d3

Score

7^/10

Malware Config

Signatures

UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

behavioral1/memory/2280-0-0x0000000000400000-0x000000000047D000-memory.dmp upx
behavioral1/memory/2280-22-0x0000000000400000-0x000000000047D000-memory.dmp upx
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

uharc.exe

pid process

2280 uharc.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2404 wrote to memory of 2280	2404	cmd.exe	uharc.exe
PID 2404 wrote to memory of 2280	2404	cmd.exe	uharc.exe
PID 2404 wrote to memory of 2280	2404	cmd.exe	uharc.exe
PID 2404 wrote to memory of 2280	2404	cmd.exe	uharc.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\HBCD\WinTools\7Zip.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\HBCD\uharc.exe
..\uharc.exe e -t"C:\Users\Admin\AppData\Local\Temp" -y+ ..\mini98.uha 7*
2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2280

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2280-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2280-22-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download