c08e4a2dc2243db3368b239368e49b9847bea664e5e24bc77145b1070180e767

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

132ce8e25e2bf4exeexeexeex.exe
Size

36KB
MD5

132ce8e25e2bf476b70597efa2c5ed91
SHA1

732240a02385f4a004589218734a82b2c96d0116
SHA256

c08e4a2dc2243db3368b239368e49b9847bea664e5e24bc77145b1070180e767
SHA512

566b6fca803c77b7cfa1ca6999910bad555e69939512fb2e0731f4e32d7322b434df8c1d76ec89ba36880cad4458bda13549431c64d1e233cc803b3bcb9bd287
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72DxL9DfryTt:bgX4zYcgTEu6QOaryfjqDlC76L9L8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2400	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	132ce8e25e2bf4exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2400	2184	132ce8e25e2bf4exeexeexeex.exe	29
PID 2184 wrote to memory of 2400	2184	132ce8e25e2bf4exeexeexeex.exe	29
PID 2184 wrote to memory of 2400	2184	132ce8e25e2bf4exeexeexeex.exe	29
PID 2184 wrote to memory of 2400	2184	132ce8e25e2bf4exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\132ce8e25e2bf4exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\132ce8e25e2bf4exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
36KB

MD5
8e49d63e15c84b129cb1784b632fccde

SHA1
4c040cd31760592364382858522421a747740243

SHA256
dbef4ea6e0ec5b491478576f5ff6b7150a002dfc9674fff1d97b4c38dd71576f

SHA512
29be2ddb1bb07fceceeaf7b171ff5f04e2c37e60f0965c29811d448f838c09e1b45419c9f6b7cce597cfc81acf47b501264747d6d2354fa990df4970a2c760b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
36KB

MD5
8e49d63e15c84b129cb1784b632fccde

SHA1
4c040cd31760592364382858522421a747740243

SHA256
dbef4ea6e0ec5b491478576f5ff6b7150a002dfc9674fff1d97b4c38dd71576f

SHA512
29be2ddb1bb07fceceeaf7b171ff5f04e2c37e60f0965c29811d448f838c09e1b45419c9f6b7cce597cfc81acf47b501264747d6d2354fa990df4970a2c760b1

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
36KB

MD5
8e49d63e15c84b129cb1784b632fccde

SHA1
4c040cd31760592364382858522421a747740243

SHA256
dbef4ea6e0ec5b491478576f5ff6b7150a002dfc9674fff1d97b4c38dd71576f

SHA512
29be2ddb1bb07fceceeaf7b171ff5f04e2c37e60f0965c29811d448f838c09e1b45419c9f6b7cce597cfc81acf47b501264747d6d2354fa990df4970a2c760b1

Download Submit
memory/2184-54-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2184-55-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2400-68-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download