583e00271af66316dce4f64aac320a1d0fb15fb4051d226a64bbaba92492ab0c

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

637a9ca180c779exeexeexeex.exe
Size

96KB
MD5

637a9ca180c779f1994e088e611322b7
SHA1

c74d1aa2925530c46d51d22754cba8722b65356e
SHA256

583e00271af66316dce4f64aac320a1d0fb15fb4051d226a64bbaba92492ab0c
SHA512

4ab4a2515c4c9dacc70d6087480ec39459bc0ae91186441ccc9aebdaf8050730fd297f8b6a19352e95b7db83c9ede0265c570a698e57b0b9b4baff26f0cd294e
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRiWCCy9lI6TS:i5nkFGMOtEvwDpjNbwQEIieqA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2536	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2076	637a9ca180c779exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2536	2076	637a9ca180c779exeexeexeex.exe	28
PID 2076 wrote to memory of 2536	2076	637a9ca180c779exeexeexeex.exe	28
PID 2076 wrote to memory of 2536	2076	637a9ca180c779exeexeexeex.exe	28
PID 2076 wrote to memory of 2536	2076	637a9ca180c779exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\637a9ca180c779exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\637a9ca180c779exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2536

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
d352c20cd5decac86aef0224d2e23024

SHA1
0457d09b110350d8b4efa9cbc3b9366acdde99d1

SHA256
a708b285d0d510c8004506197b71c2b1e8b59b3a96959fd3e83b3d75fbd15832

SHA512
45324e55adcc1fcf5225a901c5a8f2dea74d6151829a64e11cbe0e5a3ea48f1d4407ae02c8a1d7e41ef21909b2e9348f200ad0bafdb20b9b9692fe05c8bac278

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
d352c20cd5decac86aef0224d2e23024

SHA1
0457d09b110350d8b4efa9cbc3b9366acdde99d1

SHA256
a708b285d0d510c8004506197b71c2b1e8b59b3a96959fd3e83b3d75fbd15832

SHA512
45324e55adcc1fcf5225a901c5a8f2dea74d6151829a64e11cbe0e5a3ea48f1d4407ae02c8a1d7e41ef21909b2e9348f200ad0bafdb20b9b9692fe05c8bac278

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
d352c20cd5decac86aef0224d2e23024

SHA1
0457d09b110350d8b4efa9cbc3b9366acdde99d1

SHA256
a708b285d0d510c8004506197b71c2b1e8b59b3a96959fd3e83b3d75fbd15832

SHA512
45324e55adcc1fcf5225a901c5a8f2dea74d6151829a64e11cbe0e5a3ea48f1d4407ae02c8a1d7e41ef21909b2e9348f200ad0bafdb20b9b9692fe05c8bac278

Download Submit
memory/2076-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2076-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2076-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2536-69-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/2536-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download