9d926d5aa482310dca13e599a3af25aa4dc9848e8b38218291034e5b4af29b60

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06eda2033b1f34exeexeexeex.exe
Size

85KB
MD5

06eda2033b1f343922c2e8a9d268562d
SHA1

dc7a8aa3c17422121359cbf6c0bb73415ae481b0
SHA256

9d926d5aa482310dca13e599a3af25aa4dc9848e8b38218291034e5b4af29b60
SHA512

85bb17e44dd52f13e39ea1eccdf3129eed79b33e2697b0b56bb0f2a83825120117a408d2537a4e0bb2bbce851d7d32c3b7ad5dd2ac775f18d094aa63256c8455
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRXrZSUfFKazNcZx:xj+VGMOtEvwDpjubwQEI8UtzNcZx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2008	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2096	06eda2033b1f34exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2008	2096	06eda2033b1f34exeexeexeex.exe	28
PID 2096 wrote to memory of 2008	2096	06eda2033b1f34exeexeexeex.exe	28
PID 2096 wrote to memory of 2008	2096	06eda2033b1f34exeexeexeex.exe	28
PID 2096 wrote to memory of 2008	2096	06eda2033b1f34exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\06eda2033b1f34exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\06eda2033b1f34exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
85KB

MD5
5d5eaad2e631906b0ff34e6cf7c71d4d

SHA1
58ec840a6cc3111e0fb856c36c1d7711f084136b

SHA256
b1ed21a40c2993595b232ddb83a57a52e6b3bf38d6251d0ecab6ddca92840ae1

SHA512
b4400029426ef8c0bf012fe9279bae1fd6ae84d055da34eeb6da59f8781c6bf26e8ac4da9825a481a5905e9229bddcbedd20d788aad1ce8d1ababcb3ac8b7ea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
85KB

MD5
5d5eaad2e631906b0ff34e6cf7c71d4d

SHA1
58ec840a6cc3111e0fb856c36c1d7711f084136b

SHA256
b1ed21a40c2993595b232ddb83a57a52e6b3bf38d6251d0ecab6ddca92840ae1

SHA512
b4400029426ef8c0bf012fe9279bae1fd6ae84d055da34eeb6da59f8781c6bf26e8ac4da9825a481a5905e9229bddcbedd20d788aad1ce8d1ababcb3ac8b7ea3

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
85KB

MD5
5d5eaad2e631906b0ff34e6cf7c71d4d

SHA1
58ec840a6cc3111e0fb856c36c1d7711f084136b

SHA256
b1ed21a40c2993595b232ddb83a57a52e6b3bf38d6251d0ecab6ddca92840ae1

SHA512
b4400029426ef8c0bf012fe9279bae1fd6ae84d055da34eeb6da59f8781c6bf26e8ac4da9825a481a5905e9229bddcbedd20d788aad1ce8d1ababcb3ac8b7ea3

Download Submit
memory/2008-69-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2008-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2096-54-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2096-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2096-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download