d30d10bde639da036924bf13bdfa5078b392ea5e31fa6bb4b3747badafaa9d48

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17756889e56967exeexeexeex.exe
Size

35KB
MD5

17756889e569675ece80b90d855a32b2
SHA1

545642b90a3338798ac3b958c626105a8a1eae0e
SHA256

d30d10bde639da036924bf13bdfa5078b392ea5e31fa6bb4b3747badafaa9d48
SHA512

3477c52ac91cf594fd6aeecbfd1fed33eab4347aed144534bbd4c23c844f07d7065569924f41f7fbe18a003fc10c39c61c0201734ab4cf9f0b77d8c3bfabea94
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+0vJsg5b5UTXm:bgX4zYcgTEu6QOaryfjqDlC6JFbKq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2276	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3060	17756889e56967exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2276	3060	17756889e56967exeexeexeex.exe	29
PID 3060 wrote to memory of 2276	3060	17756889e56967exeexeexeex.exe	29
PID 3060 wrote to memory of 2276	3060	17756889e56967exeexeexeex.exe	29
PID 3060 wrote to memory of 2276	3060	17756889e56967exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\17756889e56967exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\17756889e56967exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
2a3062717c71c37d519d8b3c3a288b74

SHA1
854a68f40d9a6a3beb63c6feebf488018d2310c9

SHA256
2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

SHA512
852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
2a3062717c71c37d519d8b3c3a288b74

SHA1
854a68f40d9a6a3beb63c6feebf488018d2310c9

SHA256
2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

SHA512
852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
2a3062717c71c37d519d8b3c3a288b74

SHA1
854a68f40d9a6a3beb63c6feebf488018d2310c9

SHA256
2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

SHA512
852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

Download Submit
memory/2276-68-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/3060-54-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/3060-55-0x0000000001C20000-0x0000000001C26000-memory.dmp

Filesize
24KB

Download