60010bc85dddc7fea5aeea6cd51685f6b2f3adaffa086fc1966ec380d9b40174

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a01c55f1ce9cbexeexeexeex.exe
Size

104KB
MD5

2a01c55f1ce9cbcd14c29dae9280bc97
SHA1

e04aa603d15f3807a614772a6fb5f081f7a96c3d
SHA256

60010bc85dddc7fea5aeea6cd51685f6b2f3adaffa086fc1966ec380d9b40174
SHA512

681e9a7bee14498e17840ad9cb92050d9f328411b62c8ec6dfd7c6670b7524829d6644cb706063c60f476b48b8d1f003fd181338dffc9a07a59aaf39b1072e3d
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWCCyDLKASkjcYC9mnQwk:xj+VGMOtEvwDpjubwQEIie8+ASkZQIy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2940	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	2a01c55f1ce9cbexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2940	2336	2a01c55f1ce9cbexeexeexeex.exe	28
PID 2336 wrote to memory of 2940	2336	2a01c55f1ce9cbexeexeexeex.exe	28
PID 2336 wrote to memory of 2940	2336	2a01c55f1ce9cbexeexeexeex.exe	28
PID 2336 wrote to memory of 2940	2336	2a01c55f1ce9cbexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\2a01c55f1ce9cbexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2a01c55f1ce9cbexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
104KB

MD5
100c5435af6bec19fcefc1582d9620de

SHA1
20b1ddb3918e63c75e6f7696a0cd440f76b5d3e8

SHA256
d3f51c460094d0eed6194d8aff986108c93933711a897b3c4ae9589f3fbeba5b

SHA512
dd6261f771fbdbc0eadca091b10dd184ea04d6c6c6beaf576c71eccd6d7516e69aa675cbb210e3a86a989a6e5ed83f55ee853b840c36ba5d5f3703ba5f765a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
104KB

MD5
100c5435af6bec19fcefc1582d9620de

SHA1
20b1ddb3918e63c75e6f7696a0cd440f76b5d3e8

SHA256
d3f51c460094d0eed6194d8aff986108c93933711a897b3c4ae9589f3fbeba5b

SHA512
dd6261f771fbdbc0eadca091b10dd184ea04d6c6c6beaf576c71eccd6d7516e69aa675cbb210e3a86a989a6e5ed83f55ee853b840c36ba5d5f3703ba5f765a57

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
104KB

MD5
100c5435af6bec19fcefc1582d9620de

SHA1
20b1ddb3918e63c75e6f7696a0cd440f76b5d3e8

SHA256
d3f51c460094d0eed6194d8aff986108c93933711a897b3c4ae9589f3fbeba5b

SHA512
dd6261f771fbdbc0eadca091b10dd184ea04d6c6c6beaf576c71eccd6d7516e69aa675cbb210e3a86a989a6e5ed83f55ee853b840c36ba5d5f3703ba5f765a57

Download Submit
memory/2336-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2336-55-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2336-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2940-69-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2940-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download