dd842a71b8af8af07c233ba337266e92cbaf02acb5e96dd5799051bf0c966d5a

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01010da90e8204exeexeexeex.exe
Size

43KB
MD5

01010da90e8204abbec636e3ffaab19b
SHA1

22b4a5a8fed4049d9a718893731f1a03a6517857
SHA256

dd842a71b8af8af07c233ba337266e92cbaf02acb5e96dd5799051bf0c966d5a
SHA512

76ce619bf7e161542eb50a31438f363089a56fabd873c0bfc47cd00c3ec54adbe45fdde23abc29f9edf08e3467ed93022d9628e1a1694eb8618175c68b4d2dc5
SSDEEP

384:e/4wODQkzonAYsju5N/surDQtOOtEvwDpjqIGROqS/W/rJ+xLrs7cwcx4MG:79inqyNR/QtOOtEvwDpjBK/rJ+Nw8G

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	01010da90e8204exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2324	2364	01010da90e8204exeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	01010da90e8204exeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	01010da90e8204exeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	01010da90e8204exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\01010da90e8204exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\01010da90e8204exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
6ab9336ee18cedfa49852501e7981756

SHA1
efb1fd68ef6401d885cb28a9c19601dc9495ca15

SHA256
5d69166865337855ad45ca20f60c29ea302afc284a4b238549ed0f9aca9a1a37

SHA512
a5391a6d5ef750f06c152ad2f0fcb3f86960b1ef6d5e9e005ac96ebca6ad4549e1afb437932b901c86f4cff3b91ab1b77ef03211875dcef1f9813b8f10d3a923

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
6ab9336ee18cedfa49852501e7981756

SHA1
efb1fd68ef6401d885cb28a9c19601dc9495ca15

SHA256
5d69166865337855ad45ca20f60c29ea302afc284a4b238549ed0f9aca9a1a37

SHA512
a5391a6d5ef750f06c152ad2f0fcb3f86960b1ef6d5e9e005ac96ebca6ad4549e1afb437932b901c86f4cff3b91ab1b77ef03211875dcef1f9813b8f10d3a923

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
43KB

MD5
6ab9336ee18cedfa49852501e7981756

SHA1
efb1fd68ef6401d885cb28a9c19601dc9495ca15

SHA256
5d69166865337855ad45ca20f60c29ea302afc284a4b238549ed0f9aca9a1a37

SHA512
a5391a6d5ef750f06c152ad2f0fcb3f86960b1ef6d5e9e005ac96ebca6ad4549e1afb437932b901c86f4cff3b91ab1b77ef03211875dcef1f9813b8f10d3a923

Download Submit
memory/2324-69-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/2324-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2364-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2364-55-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2364-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download