42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50

Resubmissions

05/07/2023, 04:25

230705-e15akaad95 7

05/07/2023, 03:34

230705-d46r5aac76 7

Analysis

max time kernel
71s
max time network
75s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 03:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe
Size

1.9MB
MD5

b13e91eb7897fa191bf408cb5975af33
SHA1

34565fc58234198c224a234fddec4fcbc92714ff
SHA256

42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50
SHA512

df5b670d8d075d3a370909809c161d650a731502b5648a09d14b14714cdc5fae3323aa16b594721331c437618d37e95784b790b75f4c28f1d99f9983708c6fcd
SSDEEP

49152:2fWhNaBfJXAE3JorzzMw5czRO9lqPzSI1C5C:2fWhNaBfKEMMwyOL2zSI1C5C

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2084	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29
PID 1660 wrote to memory of 2084	1660	42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe	29

C:\Users\Admin\AppData\Local\Temp\42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe
"C:\Users\Admin\AppData\Local\Temp\42939fa34fca7408c344305201266c8eaf1c6bcfc0de8ca20b1861ee7e406d50.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /Y .\IjwFa3Hx.o
  2⤵
  - Loads dropped DLL
  PID:2084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IjwFa3Hx.o

Filesize
1.2MB

MD5
ad82b732b20c4c04d203d80b1209b0bc

SHA1
ed5eb6ddd41f4f5b57184e82d986acaf0306e20a

SHA256
686b4009b4c0815f59f53ba79d401fe059f983acc6533fdd91ee78fc8e915288

SHA512
1d587061a211d76a8b85c2ea44fd16f1a758e8258604499ff33183d1cf9174802b1ec23c1202f8d749fce4f481ce720f73c69c389068987af5e8bde4bbe50723

Download Submit
\Users\Admin\AppData\Local\Temp\Ijwfa3Hx.o

Filesize
1.2MB

MD5
ad82b732b20c4c04d203d80b1209b0bc

SHA1
ed5eb6ddd41f4f5b57184e82d986acaf0306e20a

SHA256
686b4009b4c0815f59f53ba79d401fe059f983acc6533fdd91ee78fc8e915288

SHA512
1d587061a211d76a8b85c2ea44fd16f1a758e8258604499ff33183d1cf9174802b1ec23c1202f8d749fce4f481ce720f73c69c389068987af5e8bde4bbe50723

Download Submit
memory/2084-58-0x0000000002310000-0x0000000002447000-memory.dmp

Filesize
1.2MB

Download
memory/2084-59-0x0000000002310000-0x0000000002447000-memory.dmp

Filesize
1.2MB

Download
memory/2084-61-0x0000000000160000-0x0000000000166000-memory.dmp

Filesize
24KB

Download
memory/2084-65-0x00000000026B0000-0x00000000027C0000-memory.dmp

Filesize
1.1MB

Download
memory/2084-66-0x00000000027C0000-0x00000000028B7000-memory.dmp

Filesize
988KB

Download
memory/2084-69-0x00000000027C0000-0x00000000028B7000-memory.dmp

Filesize
988KB

Download
memory/2084-70-0x00000000027C0000-0x00000000028B7000-memory.dmp

Filesize
988KB

Download