5a2b48a69e626d6eadbfe0ffc90af996e988333119e445afb42f7b00fc97baae

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 17:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

147fec435fb0b6exeexeexeex.exe
Size

35KB
MD5

147fec435fb0b62ab8f9e66f4c70deba
SHA1

649c8181d7b8256b8fa950e64a3d0e47522ea72c
SHA256

5a2b48a69e626d6eadbfe0ffc90af996e988333119e445afb42f7b00fc97baae
SHA512

a9c585d7ec02aec707e583337f4157f46c31e6d4be49fd9da77157ecc0b38e413080b82795b4a02553d8ef78013f9da0e5ce5f970c6b9a48f0e6afbff3d028ba
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+0vJsghbZ/bi:bgX4zYcgTEu6QOaryfjqDlC6JtbZ/O

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2944	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	147fec435fb0b6exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2944	3044	147fec435fb0b6exeexeexeex.exe	27
PID 3044 wrote to memory of 2944	3044	147fec435fb0b6exeexeexeex.exe	27
PID 3044 wrote to memory of 2944	3044	147fec435fb0b6exeexeexeex.exe	27
PID 3044 wrote to memory of 2944	3044	147fec435fb0b6exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\147fec435fb0b6exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\147fec435fb0b6exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
c9b11ddc6f1f2a22816d1a4ed41db74d

SHA1
eae809afaa1a652df20e26f6b3f371327c2d9b72

SHA256
161ac2b7033b319d664aef91ae5aff46fe1fef0dca4c50f5e04210910faadd85

SHA512
033c23c626be508882e7f7f9b4d2db5095b785ea1bf4d0edb15e3f21c50d777b1184dfb9aa6ee6dd9b85e9548e31740c54d1fd7ed5664225235f304fe9243f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
c9b11ddc6f1f2a22816d1a4ed41db74d

SHA1
eae809afaa1a652df20e26f6b3f371327c2d9b72

SHA256
161ac2b7033b319d664aef91ae5aff46fe1fef0dca4c50f5e04210910faadd85

SHA512
033c23c626be508882e7f7f9b4d2db5095b785ea1bf4d0edb15e3f21c50d777b1184dfb9aa6ee6dd9b85e9548e31740c54d1fd7ed5664225235f304fe9243f62

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
c9b11ddc6f1f2a22816d1a4ed41db74d

SHA1
eae809afaa1a652df20e26f6b3f371327c2d9b72

SHA256
161ac2b7033b319d664aef91ae5aff46fe1fef0dca4c50f5e04210910faadd85

SHA512
033c23c626be508882e7f7f9b4d2db5095b785ea1bf4d0edb15e3f21c50d777b1184dfb9aa6ee6dd9b85e9548e31740c54d1fd7ed5664225235f304fe9243f62

Download Submit
memory/2944-68-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/3044-54-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/3044-55-0x0000000000590000-0x0000000000596000-memory.dmp

Filesize
24KB

Download