6b9b0c2be545dc060c19760fb7437a2661c50797797faa167a4b00a9236d4f29 | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 06:36

Sharing

Report Analysis Logs

General

Target

HBCD/WinTools/Autorun.exe
Size

11KB
MD5

e21919d9101c524bf8142f7dde33e4d6
SHA1

f3e48f3edf3a89042b2d99b212c207eef7780c47
SHA256

07282703984dd4ca2a0752c72e7b1518a1864f816ff49cc59434921305dec7df
SHA512

ced587b92d751892039fb45a8e18d2b20c18cc4eee6a586037bb457d4cbf433a0fa272255c6f8a12a747950966d3fd44e4c987377c9f17770a0aad0c22b99808
SSDEEP

192:gG9k28uq+N1Wkow4WiLuiJw6ooh7x5Ohx+tHMSGjRR1XL0A2xZ:3rqy1jiu6P7n1tsFAL

Score

7^/10

Malware Config

Signatures

UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

behavioral7/memory/1240-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
behavioral7/memory/1240-3-0x0000000000400000-0x000000000040A000-memory.dmp upx
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Autorun.exe

pid process

1240 Autorun.exe

C:\Users\Admin\AppData\Local\Temp\HBCD\WinTools\Autorun.exe
"C:\Users\Admin\AppData\Local\Temp\HBCD\WinTools\Autorun.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1240-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1240-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download