7e6d7ab508f9eab661adfcaf9d70db0fdd62e5392f48ce0d1ca645e68c0cd665

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04dd8535ae9cbbexeexeexeex.exe
Size

51KB
MD5

04dd8535ae9cbb2e697bd36fedea0069
SHA1

dde581bcd815e4bde2f5cc66b3d576cb32354110
SHA256

7e6d7ab508f9eab661adfcaf9d70db0fdd62e5392f48ce0d1ca645e68c0cd665
SHA512

744fc727552340cb6584096442b7c82f5faecceeb5bf61e18b8615da3f7641fc807aee2a5128e73a4c771ccf53603dd3e4f99d9dce231a7cf8baabb3c7943e82
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt8YOc:6j+1NMOtEvwDpjr8oxmPc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2180	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2380	04dd8535ae9cbbexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2180	2380	04dd8535ae9cbbexeexeexeex.exe	29
PID 2380 wrote to memory of 2180	2380	04dd8535ae9cbbexeexeexeex.exe	29
PID 2380 wrote to memory of 2180	2380	04dd8535ae9cbbexeexeexeex.exe	29
PID 2380 wrote to memory of 2180	2380	04dd8535ae9cbbexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\04dd8535ae9cbbexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\04dd8535ae9cbbexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
51KB

MD5
dd348c87195c23f2b785ad0afa24e066

SHA1
5d9dd0d5893029673cd3d2833352df13101792bb

SHA256
7fbcded0285d8df5094b03df7eb8a24aad037d9b27bfdfebd690493f49e724ef

SHA512
7061717ee2d78855e4577e8945c4816ceb320cdbe7a46eb78ccd440701107af55ab2cbc7a03213aee3f00466c20aaf1636f6ca1fb6728cc11d28ee14a19a75b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
51KB

MD5
dd348c87195c23f2b785ad0afa24e066

SHA1
5d9dd0d5893029673cd3d2833352df13101792bb

SHA256
7fbcded0285d8df5094b03df7eb8a24aad037d9b27bfdfebd690493f49e724ef

SHA512
7061717ee2d78855e4577e8945c4816ceb320cdbe7a46eb78ccd440701107af55ab2cbc7a03213aee3f00466c20aaf1636f6ca1fb6728cc11d28ee14a19a75b3

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
51KB

MD5
dd348c87195c23f2b785ad0afa24e066

SHA1
5d9dd0d5893029673cd3d2833352df13101792bb

SHA256
7fbcded0285d8df5094b03df7eb8a24aad037d9b27bfdfebd690493f49e724ef

SHA512
7061717ee2d78855e4577e8945c4816ceb320cdbe7a46eb78ccd440701107af55ab2cbc7a03213aee3f00466c20aaf1636f6ca1fb6728cc11d28ee14a19a75b3

Download Submit
memory/2180-69-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2180-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2380-54-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2380-55-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2380-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download