62e2122a141a40c6c1339b5c989de5ef23521181d0ea00033eae72bfb777df24

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b2f91b4787ca6exeexeexeex.exe
Size

44KB
MD5

1b2f91b4787ca6e78347464a72911bac
SHA1

26d5db17f9b73f8ced2be2cd6e6c6a870e3dfa26
SHA256

62e2122a141a40c6c1339b5c989de5ef23521181d0ea00033eae72bfb777df24
SHA512

6b2d51cee2486ebb44030d971bc64f4f7ac3314dc96f769f24ffcf6fd418cc05a93491f2ae41921d248f90600589c044604dc787628689a58141dd8834d7623d
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8iB23I/:vj+jsMQMOtEvwDpj5HczR/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
584	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2268	1b2f91b4787ca6exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 584	2268	1b2f91b4787ca6exeexeexeex.exe	29
PID 2268 wrote to memory of 584	2268	1b2f91b4787ca6exeexeexeex.exe	29
PID 2268 wrote to memory of 584	2268	1b2f91b4787ca6exeexeexeex.exe	29
PID 2268 wrote to memory of 584	2268	1b2f91b4787ca6exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\1b2f91b4787ca6exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\1b2f91b4787ca6exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
807f402cb65fea9e278e9e1999300caf

SHA1
dcb0569b5430d9532a0803fa9676c5ea27b6f8b2

SHA256
6956939cd62a165e96c2977a0deedb455f28b9165ed8b711a393be1c47a17fb3

SHA512
850fe930436cc84d27e496e1051ee31c24ee17cabc42a41bbae600c60a2d87a983101f1c6a21bfd454c4736cc33e2adf3be8eb312e5d3e4ff36060ded8649237

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
807f402cb65fea9e278e9e1999300caf

SHA1
dcb0569b5430d9532a0803fa9676c5ea27b6f8b2

SHA256
6956939cd62a165e96c2977a0deedb455f28b9165ed8b711a393be1c47a17fb3

SHA512
850fe930436cc84d27e496e1051ee31c24ee17cabc42a41bbae600c60a2d87a983101f1c6a21bfd454c4736cc33e2adf3be8eb312e5d3e4ff36060ded8649237

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
807f402cb65fea9e278e9e1999300caf

SHA1
dcb0569b5430d9532a0803fa9676c5ea27b6f8b2

SHA256
6956939cd62a165e96c2977a0deedb455f28b9165ed8b711a393be1c47a17fb3

SHA512
850fe930436cc84d27e496e1051ee31c24ee17cabc42a41bbae600c60a2d87a983101f1c6a21bfd454c4736cc33e2adf3be8eb312e5d3e4ff36060ded8649237

Download Submit
memory/584-68-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2268-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2268-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download