f2890a1c966db9cf886ef2fd03de72145447af07baa468d0b966984665bab6f1

Analysis

max time kernel
30s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/06/2023, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D23yjom5nycA.exe
Size

473KB
MD5

13db207df98863809b3cb9674fffb7b8
SHA1

613ed0f5496fd32af6576194083c654981fb8ac8
SHA256

f2890a1c966db9cf886ef2fd03de72145447af07baa468d0b966984665bab6f1
SHA512

a09d50853a5c92044165b88ad92c1060da722c22831ad3db2826ee61d71185ac56dffc6f3eb33b8ae655dda4777bf4656f8480516cd92a074daf42a7897b938e
SSDEEP

12288:2ToPWBv/cpGrU3yVtX+t4V55zUqFZAPTtvYuUL+:2TbBv5rUyXV55QqcFPf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
380	injection.exe

Loads dropped DLL 2 IoCs

pid	Process
1712	D23yjom5nycA.exe
1096	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 380	1712	D23yjom5nycA.exe	27
PID 1712 wrote to memory of 380	1712	D23yjom5nycA.exe	27
PID 1712 wrote to memory of 380	1712	D23yjom5nycA.exe	27
PID 1712 wrote to memory of 380	1712	D23yjom5nycA.exe	27

C:\Users\Admin\AppData\Local\Temp\D23yjom5nycA.exe
"C:\Users\Admin\AppData\Local\Temp\D23yjom5nycA.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe"
  2⤵
  - Executes dropped EXE
  PID:380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe

Filesize
151KB

MD5
b00996c469b5093a30fc729e2a0816be

SHA1
a3d896cd56377f6984e7ebbe12add9aa29b533e6

SHA256
f73878ee5ee0c1e4b959ab08ab5438e036bdd4c4338342962354bdda90c7f6e6

SHA512
ce310fd10d4f4d222d12d0d9c294c6b2185722d740ebf57dc6d66a5f2ea2ce2bd92a75e650a77af7ab65b95220f406fd034b67ec1b64cbd7eb644ee13d0a4282

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe

Filesize
151KB

MD5
b00996c469b5093a30fc729e2a0816be

SHA1
a3d896cd56377f6984e7ebbe12add9aa29b533e6

SHA256
f73878ee5ee0c1e4b959ab08ab5438e036bdd4c4338342962354bdda90c7f6e6

SHA512
ce310fd10d4f4d222d12d0d9c294c6b2185722d740ebf57dc6d66a5f2ea2ce2bd92a75e650a77af7ab65b95220f406fd034b67ec1b64cbd7eb644ee13d0a4282

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe

Filesize
151KB

MD5
b00996c469b5093a30fc729e2a0816be

SHA1
a3d896cd56377f6984e7ebbe12add9aa29b533e6

SHA256
f73878ee5ee0c1e4b959ab08ab5438e036bdd4c4338342962354bdda90c7f6e6

SHA512
ce310fd10d4f4d222d12d0d9c294c6b2185722d740ebf57dc6d66a5f2ea2ce2bd92a75e650a77af7ab65b95220f406fd034b67ec1b64cbd7eb644ee13d0a4282

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\injection.exe

Filesize
151KB

MD5
b00996c469b5093a30fc729e2a0816be

SHA1
a3d896cd56377f6984e7ebbe12add9aa29b533e6

SHA256
f73878ee5ee0c1e4b959ab08ab5438e036bdd4c4338342962354bdda90c7f6e6

SHA512
ce310fd10d4f4d222d12d0d9c294c6b2185722d740ebf57dc6d66a5f2ea2ce2bd92a75e650a77af7ab65b95220f406fd034b67ec1b64cbd7eb644ee13d0a4282

Download Submit