628a2ac47c08e495252e691d2d392b291ef3ef69bd185790dff5200b4734a859

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

074f56373da9b0exeexeexeex.exe
Size

37KB
MD5

074f56373da9b0ae1122c9be93940dad
SHA1

1c72be21050d1d6fc8f1134e2c0d3c6fdcf86eba
SHA256

628a2ac47c08e495252e691d2d392b291ef3ef69bd185790dff5200b4734a859
SHA512

075b6a29f2043da75ba499eeb4c3c0ed9aa02a0d6ca0a6948633348a41ffabf24c8de6e605cbcda61f18c7d4801ecd47fa9a897b913c3610072097345a8868c1
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72kmGYjlQxIc:bgX4zYcgTEu6QOaryfjqDlC7rYZQKc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2280	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
1192	074f56373da9b0exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2280	1192	074f56373da9b0exeexeexeex.exe	29
PID 1192 wrote to memory of 2280	1192	074f56373da9b0exeexeexeex.exe	29
PID 1192 wrote to memory of 2280	1192	074f56373da9b0exeexeexeex.exe	29
PID 1192 wrote to memory of 2280	1192	074f56373da9b0exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\074f56373da9b0exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\074f56373da9b0exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ba12d1bdf88765768033d76d427d8cba

SHA1
f3941496f4823cb176cd9318e88904dc09467e91

SHA256
bfb1351e05aa045bde2f0cc2e614ac3918d4e9b43ea224d9775a8c9a4e010867

SHA512
0363c72b6c691606169a06fbe9ed479adc2b140791f2a3d0340fc49042b31732ec0f4970d00fb1b1da1c70a8fa132cd4f284cb0d81dfc7607a3c959fde2053e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ba12d1bdf88765768033d76d427d8cba

SHA1
f3941496f4823cb176cd9318e88904dc09467e91

SHA256
bfb1351e05aa045bde2f0cc2e614ac3918d4e9b43ea224d9775a8c9a4e010867

SHA512
0363c72b6c691606169a06fbe9ed479adc2b140791f2a3d0340fc49042b31732ec0f4970d00fb1b1da1c70a8fa132cd4f284cb0d81dfc7607a3c959fde2053e0

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ba12d1bdf88765768033d76d427d8cba

SHA1
f3941496f4823cb176cd9318e88904dc09467e91

SHA256
bfb1351e05aa045bde2f0cc2e614ac3918d4e9b43ea224d9775a8c9a4e010867

SHA512
0363c72b6c691606169a06fbe9ed479adc2b140791f2a3d0340fc49042b31732ec0f4970d00fb1b1da1c70a8fa132cd4f284cb0d81dfc7607a3c959fde2053e0

Download Submit
memory/1192-54-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/1192-55-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2280-68-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download