Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

HSZXPMB7kS.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.754206235972524
Filename:	HSZXPMB7kS.exe
Filesize:	334347
MD5:	d6f5ca5da79a7eb267670cc0e6f5d590
SHA1:	6d62f339e2bb9b107b0309663d30e4e4647e4b5d
SHA256:	2a3da413f9f0554148469ea715f2776ab40e86925fb68cc6279ffc00f4f410dd
SHA512:	f0b1298f64aee6f683b5d985c1fcb8a5f2ac4d15a1e0a7c372f991c1a4e6b4152425506ad13cc11b04696ed9ff43e16d3419c2aced2dab4c2c80207834a2caa3
SSDEEP:	6144:ntH/xNLaAOvIBd7lAAxWS1elIoSN6WX+t45q3niV0:ntH5NLaAdDhAAEIFcWX+t4o3iV0
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w..<.V..w..<.T..w..<.U..w....Z..w.......w.......w.......w....$..w....4..w...w...v.......w.......w....X..w.......w.

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to communicate with device drivers	System Summary
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
File is packed with WinRar	Data Obfuscation	Software Packing
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Searches for the Microsoft Outlook file path	System Summary	Email Collection
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Might use command line arguments	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Users\user\Desktop\???i????-582-4453-08.docx.lnk

MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Fri Aug 4 04:10:09 2023, mtime=Fri Aug 4 04:10:09 2023, atime=Fri Aug 4 04:10:09 2023, length=0, window=hide

dropped

Details

File:	C:\Users\user\Desktop\???i????-582-4453-08.docx.lnk
Category:	dropped
Dump:	???i????-582-4453-08.docx.lnk.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Users\user\Desktop\HSZXPMB7kS.exe
Type:	MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Fri Aug 4 04:10:09 2023, mtime=Fri Aug 4 04:10:09 2023, atime=Fri Aug 4 04:10:09 2023, length=0, window=hide
Entropy:	6.046375755549102
Encrypted:	false
Ssdeep:	192:8iIJudXs1THeATd4shAXDDlL3Gvn2yDctJZ+7BJkY3820pLkz:oJ31rek44AX1L2vDDci3MRpL0
Size:	10562
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious LNK Double Extension File Created	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\HSZXPMB7kS.exe

"C:\Users\user\Desktop\HSZXPMB7kS.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2816
Target ID:	1
Parent PID:	4084
Name:	HSZXPMB7kS.exe
Path:	C:\Users\user\Desktop\HSZXPMB7kS.exe
Commandline:	"C:\Users\user\Desktop\HSZXPMB7kS.exe"
Size:	334347
MD5:	D6F5CA5DA79A7EB267670CC0E6F5D590
Time:	09:31:20
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x120000
Modulesize:	487424
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sigma detected: Suspicious LNK Double Extension File Created	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Domains

Name

Malicious

15.164.165.52.in-addr.arpa

unknown

183.59.114.20.in-addr.arpa

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

718E000

heap

page read and write

713E000

heap

page read and write

52A0000

trusted library allocation

page read and write

30A7000

heap

page read and write

3090000

heap

page read and write

7143000

heap

page read and write

34A0000

heap

page read and write

306C000

heap

page read and write

3085000

heap

page read and write

B68D000

stack

page read and write

3053000

heap

page read and write

30A8000

heap

page read and write

3071000

heap

page read and write

3087000

heap

page read and write

30A5000

heap

page read and write

BAF0000

heap

page read and write

3064000

heap

page read and write

185000

unkown

page write copy

7143000

heap

page read and write

713F000

heap

page read and write

185000

unkown

page readonly

154000

unkown

page readonly

186000

unkown

page readonly

3017000

heap

page read and write

BAF1000

heap

page read and write

30AC000

heap

page read and write

2F55000

heap

page read and write

7166000

heap

page read and write

34A4000

heap

page read and write

7136000

heap

page read and write

306A000

heap

page read and write

546E000

stack

page read and write

718A000

heap

page read and write

7166000

heap

page read and write

717A000

heap

page read and write

160000

unkown

page write copy

34C4000

heap

page read and write

3071000

heap

page read and write

718A000

heap

page read and write

4F9E000

stack

page read and write

BAF9000

heap

page read and write

3036000

heap

page read and write

717A000

heap

page read and write

34CE000

heap

page read and write

7166000

heap

page read and write

BADF000

heap

page read and write

30A5000

heap

page read and write

7100000

heap

page read and write

BAE4000

heap

page read and write

7110000

heap

page read and write

308C000

heap

page read and write

3085000

heap

page read and write

713F000

heap

page read and write

2F50000

heap

page read and write

BAFC000

heap

page read and write

303D000

heap

page read and write

542F000

stack

page read and write

714D000

heap

page read and write

7153000

heap

page read and write

34C3000

heap

page read and write

713C000

heap

page read and write

BAF9000

heap

page read and write

7149000

heap

page read and write

BAE0000

heap

page read and write

714A000

heap

page read and write

7110000

heap

page read and write

4F5E000

stack

page read and write

BAFC000

heap

page read and write

2BAC000

stack

page read and write

7164000

heap

page read and write

2FEC000

heap

page read and write

309E000

heap

page read and write

BAA1000

heap

page read and write

BAFC000

heap

page read and write

3047000

heap

page read and write

713F000

heap

page read and write

5A64000

heap

page read and write

154000

unkown

page readonly

3057000

heap

page read and write

30A5000

heap

page read and write

7164000

heap

page read and write

30AC000

heap

page read and write

BAA0000

heap

page read and write

7166000

heap

page read and write

120000

unkown

page readonly

714B000

heap

page read and write

7121000

heap

page read and write

5A53000

heap

page read and write

308C000

heap

page read and write

30A5000

heap

page read and write

31AD000

stack

page read and write

184000

unkown

page read and write

7168000

heap

page read and write

7135000

heap

page read and write

BADF000

heap

page read and write

7169000

heap

page read and write

3068000

heap

page read and write

711F000

heap

page read and write

2FEC000

heap

page read and write

302E000

heap

page read and write

7159000

heap

page read and write

BB02000

heap

page read and write

2FEC000

heap

page read and write

30AC000

heap

page read and write

2FB8000

heap

page read and write

7135000

heap

page read and write

7163000

heap

page read and write

BB42000

heap

page read and write

718A000

heap

page read and write

3064000

heap

page read and write

2F20000

heap

page read and write

2F10000

heap

page readonly

305A000

heap

page read and write

BBA0000

trusted library allocation

page read and write

34C0000

heap

page read and write

2FD5000

heap

page read and write

7168000

heap

page read and write

7153000

heap

page read and write

34CE000

heap

page read and write

306A000

heap

page read and write

714B000

heap

page read and write

309E000

heap

page read and write

716A000

heap

page read and write

BAEE000

heap

page read and write

3047000

heap

page read and write

713D000

heap

page read and write

3000000

heap

page read and write

5A66000

heap

page read and write

B58C000

stack

page read and write

714B000

heap

page read and write

5A6F000

heap

page read and write

30AE000

heap

page read and write

BAA0000

trusted library allocation

page read and write

7110000

heap

page read and write

2BC6000

stack

page read and write

711F000

heap

page read and write

BAFC000

heap

page read and write

3090000

heap

page read and write

BB46000

heap

page read and write

32EE000

stack

page read and write

30A5000

heap

page read and write

3046000

heap

page read and write

718D000

heap

page read and write

3061000

heap

page read and write

BAEE000

heap

page read and write

3000000

heap

page read and write

3071000

heap

page read and write

BAF9000

heap

page read and write

34CE000

heap

page read and write

BAF9000

heap

page read and write

3060000

heap

page read and write

306C000

heap

page read and write

713F000

heap

page read and write

7138000

heap

page read and write

2E30000

heap

page read and write

BB42000

heap

page read and write

2FE0000

heap

page read and write

3046000

heap

page read and write

3077000

heap

page read and write

BAF9000

heap

page read and write

165000

unkown

page read and write

BAA1000

heap

page read and write

163000

unkown

page read and write

2FDF000

heap

page read and write

714D000

heap

page read and write

BBB0000

trusted library allocation

page read and write

BAFC000

heap

page read and write

2FB0000

heap

page read and write

3085000

heap

page read and write

30AC000

heap

page read and write

BB35000

heap

page read and write

2FD8000

heap

page read and write

56D0000

trusted library allocation

page read and write

BAEF000

heap

page read and write

714D000

heap

page read and write

B40E000

stack

page read and write

7144000

heap

page read and write

7121000

heap

page read and write

3077000

heap

page read and write

3068000

heap

page read and write

714B000

heap

page read and write

304E000

heap

page read and write

306A000

heap

page read and write

34C8000

heap

page read and write

34C8000

heap

page read and write

BAF9000

heap

page read and write

3082000

heap

page read and write

3090000

heap

page read and write

711F000

heap

page read and write

3071000

heap

page read and write

BB03000

heap

page read and write

7121000

heap

page read and write

7171000

heap

page read and write

30AC000

heap

page read and write

3008000

heap

page read and write

3085000

heap

page read and write

713C000

heap

page read and write

715A000

heap

page read and write

308C000

heap

page read and write

3085000

heap

page read and write

713C000

heap

page read and write

7143000

heap

page read and write

3047000

heap

page read and write

2FED000

heap

page read and write

30AD000

heap

page read and write

BAF9000

heap

page read and write

3082000

heap

page read and write

BAEF000

heap

page read and write

BB34000

heap

page read and write

3053000

heap

page read and write

2FD8000

heap

page read and write

BAEE000

heap

page read and write

34CE000

heap

page read and write

7168000

heap

page read and write

3009000

heap

page read and write

5A50000

heap

page read and write

3061000

heap

page read and write

2F9D000

stack

page read and write

34CE000

heap

page read and write

509F000

stack

page read and write

BAF9000

heap

page read and write

BBB0000

trusted library allocation

page read and write

718A000

heap

page read and write

7135000

heap

page read and write

713C000

heap

page read and write

BAF1000

heap

page read and write

5161000

trusted library allocation

page read and write

3081000

heap

page read and write

7121000

heap

page read and write

52B0000

heap

page read and write

BAF9000

heap

page read and write

3071000

heap

page read and write

3090000

heap

page read and write

55AB000

stack

page read and write

31EE000

stack

page read and write

308C000

heap

page read and write

121000

unkown

page execute read

716B000

heap

page read and write

2FF6000

heap

page read and write

7EF71000

trusted library allocation

page execute read

309E000

heap

page read and write

304B000

heap

page read and write

7166000

heap

page read and write

532E000

stack

page read and write

715F000

heap

page read and write

BB42000

heap

page read and write

7173000

heap

page read and write

713D000

heap

page read and write

2FE9000

heap

page read and write

3052000

heap

page read and write

308A000

heap

page read and write

BAFC000

heap

page read and write

121000

unkown

page execute read

3017000

heap

page read and write

309E000

heap

page read and write

30A5000

heap

page read and write

BAFC000

heap

page read and write

7143000

heap

page read and write

556C000

stack

page read and write

30A8000

heap

page read and write

7138000

heap

page read and write

3047000

heap

page read and write

308C000

heap

page read and write

BAFC000

heap

page read and write

BAEE000

heap

page read and write

308C000

heap

page read and write

7151000

heap

page read and write

718A000

heap

page read and write

52D7000

heap

page read and write

718E000

heap

page read and write

3090000

heap

page read and write

34CE000

heap

page read and write

303D000

heap

page read and write

7166000

heap

page read and write

3062000

heap

page read and write

7153000

heap

page read and write

BAE4000

heap

page read and write

713F000

heap

page read and write

717F000

heap

page read and write

3071000

heap

page read and write

BADE000

heap

page read and write

30AE000

heap

page read and write

30A5000

heap

page read and write

3076000

heap

page read and write

713D000

heap

page read and write

2FEC000

heap

page read and write

160000

unkown

page read and write

2FF6000

heap

page read and write

306D000

heap

page read and write

7164000

heap

page read and write

711F000

heap

page read and write

BB02000

heap

page read and write

B146000

heap

page read and write

7166000

heap

page read and write

718E000

heap

page read and write

715E000

heap

page read and write

3071000

heap

page read and write

2AC6000

stack

page read and write

52D0000

heap

page read and write

BB42000

heap

page read and write

714B000

heap

page read and write

30AC000

heap

page read and write

713D000

heap

page read and write

717D000

heap

page read and write

5A60000

heap

page read and write

714D000

heap

page read and write

713D000

heap

page read and write

713C000

heap

page read and write

717C000

heap

page read and write

3000000

heap

page read and write

30A5000

heap

page read and write

302A000

heap

page read and write

5160000

heap

page read and write

715F000

heap

page read and write

30A6000

heap

page read and write

718A000

heap

page read and write

3071000

heap

page read and write

7EF80000

trusted library allocation

page execute read

714A000

heap

page read and write

BAF1000

heap

page read and write

7165000

heap

page read and write

30AC000

heap

page read and write

3009000

heap

page read and write

3089000

heap

page read and write

5130000

heap

page read and write

BB42000

heap

page read and write

305A000

heap

page read and write

713D000

heap

page read and write

BADF000

heap

page read and write

3068000

heap

page read and write

3053000

heap

page read and write

7143000

heap

page read and write

3068000

heap

page read and write

56AE000

stack

page read and write

306C000

heap

page read and write

BAE4000

heap

page read and write

3053000

heap

page read and write

AD62000

trusted library allocation

page read and write

BAF9000

heap

page read and write

715E000

heap

page read and write

713F000

heap

page read and write

3076000

heap

page read and write

3085000

heap

page read and write

C3BC000

heap

page read and write

BAE5000

heap

page read and write

306C000

heap

page read and write

714A000

heap

page read and write

BAEE000

heap

page read and write

BAEA000

heap

page read and write

34CE000

heap

page read and write

BB42000

heap

page read and write

2FF6000

heap

page read and write

7183000

heap

page read and write

4E5E000

stack

page read and write

517A000

trusted library allocation

page read and write

713B000

heap

page read and write

713F000

heap

page read and write

5A30000

heap

page read and write

7135000

heap

page read and write

3062000

heap

page read and write

3090000

heap

page read and write

7153000

heap

page read and write

714B000

heap

page read and write

7166000

heap

page read and write

3060000

heap

page read and write

7135000

heap

page read and write

B50F000

stack

page read and write

3057000

heap

page read and write

120000

unkown

page readonly

There are 359 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
HSZXPMB7kS.exe

Files

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportHSZXPMB7kS.exe

Files

Processes

Domains

Memdumps

IOC Report
HSZXPMB7kS.exe