71e7bbd92d365ce21e8eb3117032a58b5c4d4b7c88f77619fc03e8c8231e8fd7

Resubmissions

30-06-2024 19:45

240630-ygkxcstdkg 7

Analysis

max time kernel
359s
max time network
364s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HarmWare.exe
Size

13.8MB
MD5

22c9248245edf49a0eed0bc7ec21f4cd
SHA1

ddc6fd9acf9d4733241fd4548fc642863f7c05c6
SHA256

94105e6a1977eb38f8062e153a83bab9cb530abf402f9f0855f0089bb7584507
SHA512

37488bacef43748fce3be83f52ab79dc821ed4006979d9aa5b47a57582de7ea9e9afcbd4f92e06116fad0ff746b22c555b1776267a4bab4356e0795c85c16327
SSDEEP

393216:Cu7L/SIzY3xdQuslSl9DoWOv+9MMkq/z1:CCL68EdQu9xorvSMFq/z

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

HarmWare.exe

pid process

1620 HarmWare.exe
1620 HarmWare.exe
1620 HarmWare.exe
1620 HarmWare.exe
1620 HarmWare.exe
1620 HarmWare.exe
1620 HarmWare.exe

pid	process
1620	HarmWare.exe
1620	HarmWare.exe
1620	HarmWare.exe
1620	HarmWare.exe
1620	HarmWare.exe
1620	HarmWare.exe
1620	HarmWare.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

HarmWare.exe

description	pid	process	target process
PID 2964 wrote to memory of 1620	2964	HarmWare.exe	HarmWare.exe
PID 2964 wrote to memory of 1620	2964	HarmWare.exe	HarmWare.exe
PID 2964 wrote to memory of 1620	2964	HarmWare.exe	HarmWare.exe

C:\Users\Admin\AppData\Local\Temp\HarmWare.exe
"C:\Users\Admin\AppData\Local\Temp\HarmWare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964

C:\Users\Admin\AppData\Local\Temp\HarmWare.exe
"C:\Users\Admin\AppData\Local\Temp\HarmWare.exe"
2⤵
- Loads dropped DLL
PID:1620

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\_MEI29642\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
28f9d73b929edf71e172ec6ce3ecf3d1

SHA1
51bda76e4a5c3cb77c5963433bb0d8ed4cb30ffe

SHA256
8336d3e57593d6572759339026436958a7961ace014827f6837e87a34ab87ad1

SHA512
28c8d37e9e0fd071ab2bdaebbffc71e9a1e262b494ce5e0c8e156752de0a2d2a7996a9c2a0189d60fa9ee68abbc2ae3dcd8cdb00294a498871728ba78155b81e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
5de61cd0a2e276c1c647ad6aaf239e66

SHA1
6565296115014516fafb8e3815176b34a5968bc5

SHA256
db09449ad24e6e29a912d71de89bf0b47a9d0d5740788db2b31b2b2c79937374

SHA512
dd979cdd3b0e47f35b0d47378208a90464bb0e8fe69551655a110d098c1c326370247e71449a0522d76e051b2003502ed51612002e18ee258b96338ba38542e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
1171ca9d1389e900ce2a417dd64d25e4

SHA1
770d5ab804db98627e0543b3b15c34d5967bc71b

SHA256
df89ddfcf2a1be3aa4b35c99085bc861a48c5348891a5e7fc5280652fa917418

SHA512
577908db29313e48a9db0296e8db38ec44017f133c6b2e86db53460852016989476a4809dbaf8383deb468732e62162ce2b45c5d526e3d30c8a98552756f7810

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
d90b90aa2220db2654440c2e0e94ce2b

SHA1
4fd27aba02dd15304225a4b4baf92f49a71901da

SHA256
5378d6758333398483c20e0f622c461b4853980ba8e1d1b916dd960f1dfae11a

SHA512
195eb75d07430da1b02b7837b02ede11175c7203121fafb086a5c7d5e87d67467b834e32016e0f0251a261165425011689ce93c126e6c7746b3fb3af49b79883

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
b5a238976412a7e93f7741a0da827d11

SHA1
57912158d16fd3b43f1ac6d5bfe0f36072faf424

SHA256
d72ac7b9a9dfda2dbab08e2a9f612e451a0eaa6bb94cffa26bee931fe1b10053

SHA512
dca95198000416bb47a6b42a1e485d31b1577c8cb867ef177c744a85ccefae326ba5e2cfd818fd41a6c049440a27ecb5896572213dc02e8e1d435c77cdc54b41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\python310.dll
Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29642\ucrtbase.dll
Filesize
986KB

MD5
0c8809225ba552acbc2c5f6d4eb182a9

SHA1
8b30a9b49f55e422ad947a71a94c0a1fdc062ead

SHA256
8903d3c8c23aff0558d43180c7151f84c6acf81a0dc4b6b1d8282d9d948a2fac

SHA512
7683af9f7bfe50c97acae9e998fb104082735dcc8d4e974e71c987c5160e53265d82d6f86235c42ddedc61533daadf727a9322473f1dac3ed2cd30f4cd8ee0e5

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads