834dd818964a6763e2466341b3aa9e22aaf218e3c16480516b3f8c5a924125cb

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22fa94b5375bf4exeexeexeex.exe
Size

87KB
MD5

22fa94b5375bf45380dfa4383582a486
SHA1

bd98c9746b9861b5973bd42a7377ce93cdf4ac08
SHA256

834dd818964a6763e2466341b3aa9e22aaf218e3c16480516b3f8c5a924125cb
SHA512

69e1986fc719d6b5bc3a6aaf921ff867828162e27af10d081725e51cef40ba7af3782d6515056e0760e9e2dce21402968d1a21d795d2be823a4e0622b625e23e
SSDEEP

1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNieRpTm:vCjsIOtEvwDpj5H8zPj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3040	22fa94b5375bf4exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3016	3040	22fa94b5375bf4exeexeexeex.exe	28
PID 3040 wrote to memory of 3016	3040	22fa94b5375bf4exeexeexeex.exe	28
PID 3040 wrote to memory of 3016	3040	22fa94b5375bf4exeexeexeex.exe	28
PID 3040 wrote to memory of 3016	3040	22fa94b5375bf4exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\22fa94b5375bf4exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\22fa94b5375bf4exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
6d82d1d30e0122b801642e53fd186e78

SHA1
b169fadf5a867c9d517d8a970f4dccdb928aa2c2

SHA256
2b35b64e95082bac87b2bb59d8520373d2ffaf0d9c419c2808f3b57d62e398c7

SHA512
04d3563b6324b1b762a9ab056db06c8b68750cdf286ac3c6d831db9b63c789a53dae12968fbe00aea2b3a61f0a2d727fdda31302f4702e01f1d6ad4dccd4b982

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
6d82d1d30e0122b801642e53fd186e78

SHA1
b169fadf5a867c9d517d8a970f4dccdb928aa2c2

SHA256
2b35b64e95082bac87b2bb59d8520373d2ffaf0d9c419c2808f3b57d62e398c7

SHA512
04d3563b6324b1b762a9ab056db06c8b68750cdf286ac3c6d831db9b63c789a53dae12968fbe00aea2b3a61f0a2d727fdda31302f4702e01f1d6ad4dccd4b982

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
6d82d1d30e0122b801642e53fd186e78

SHA1
b169fadf5a867c9d517d8a970f4dccdb928aa2c2

SHA256
2b35b64e95082bac87b2bb59d8520373d2ffaf0d9c419c2808f3b57d62e398c7

SHA512
04d3563b6324b1b762a9ab056db06c8b68750cdf286ac3c6d831db9b63c789a53dae12968fbe00aea2b3a61f0a2d727fdda31302f4702e01f1d6ad4dccd4b982

Download Submit
memory/3016-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/3040-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/3040-55-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download