e2f0be2fdee4424ee86ab73c88b847a6b7761e970a35a73360ecd49bb34cdc38

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

245b1fe5b1dcfbexeexeexeex.exe
Size

46KB
MD5

245b1fe5b1dcfbfe1a02c2efb9c93369
SHA1

8636fa59507f938781a47b97dfbc0342d1ab10a9
SHA256

e2f0be2fdee4424ee86ab73c88b847a6b7761e970a35a73360ecd49bb34cdc38
SHA512

2f874898ab3a3cd31490610ea9c36e5f0798182cef2ffbfa786c3a4f5198d3133fd67e622c34faea13776d59a69dc6aa9025db296fd8a16ba5fc7ab7496c4af0
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIZPm83+3:bIDOw9a0DwitDwIZb3+3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1576	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2196	245b1fe5b1dcfbexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1576	2196	245b1fe5b1dcfbexeexeexeex.exe	29
PID 2196 wrote to memory of 1576	2196	245b1fe5b1dcfbexeexeexeex.exe	29
PID 2196 wrote to memory of 1576	2196	245b1fe5b1dcfbexeexeexeex.exe	29
PID 2196 wrote to memory of 1576	2196	245b1fe5b1dcfbexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:1576

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
dcf0088d67b1efe35f81b872be83ea5d

SHA1
db8c7a3625ee58f37af09cf9d369851b87efe081

SHA256
9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

SHA512
78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
dcf0088d67b1efe35f81b872be83ea5d

SHA1
db8c7a3625ee58f37af09cf9d369851b87efe081

SHA256
9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

SHA512
78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
dcf0088d67b1efe35f81b872be83ea5d

SHA1
db8c7a3625ee58f37af09cf9d369851b87efe081

SHA256
9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

SHA512
78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

Download Submit
memory/1576-68-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2196-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2196-55-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download