Analysis
max time kernel: 148s
max time network: 153s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 06-07-2023 13:07
Behavioral task: behavioral1
Sample: 2c84084fdb2b73exeexeexeex.exe
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: 2c84084fdb2b73exeexeexeex.exe
Resource: win10v2004-20230703-en
General
Target: 2c84084fdb2b73exeexeexeex.exe
Size: 139KB
MD5: 2c84084fdb2b73579321f724770d4294
SHA1: 61c2d7a83efa5665a5a3134b59aaa36c4337c1c1
SHA256: 02bb271f6c9a43ac8ae1013d9f19c8e7bcc567d82470a5cecd65ebe801851f35
SHA512: 6ec84f5a246416145df2be12166141879cc22f8bbaca4e7ae87bd8f146ce6c04fa33dc5f675c5ef4a555616567e7946be4122a265caddc72161c1d29428b9053
SSDEEP: 1536:z6QFElP6n+gKmddpMOtEvwDpj3GYQbN/PKwNgp699G1m3:z6a+CdOOtEvwDpjczB
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2276, process asih.exe
- Loads dropped DLL (1 IoC)
  pid 1548, process 2c84084fdb2b73exeexeexeex.exe
- UPX packed file (YARA rule "upx", 5 matches)
  behavioral1/files/0x0008000000012111-63.dat
  behavioral1/files/0x0008000000012111-66.dat
  behavioral1/memory/1548-67-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/files/0x0008000000012111-75.dat
  behavioral1/memory/2276-76-0x0000000000500000-0x0000000000510000-memory.dmp
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1548 (2c84084fdb2b73exeexeexeex.exe) wrote to memory of PID 2276, target procid 28
  PID 1548 (2c84084fdb2b73exeexeexeex.exe) wrote to memory of PID 2276, target procid 28
  PID 1548 (2c84084fdb2b73exeexeexeex.exe) wrote to memory of PID 2276, target procid 28
  PID 1548 (2c84084fdb2b73exeexeexeex.exe) wrote to memory of PID 2276, target procid 28
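The "upx" YARA hits above land on both the dropped files and the two memory dumps, which is what a stock UPX build looks like in a sandbox. The script below is an added example (not part of this report and not the sandbox's own rule, whose exact text is not on the page): it walks a PE's section table directly, flags the UPX0/UPX1 section names that stock UPX emits, and computes the same MD5/SHA1/SHA256 digests the report lists so a local copy of a sample can be checked against the report's values. The PE images it runs on are constructed header-only stubs built inline, not the sample itself; a real sample path can be passed on the command line. Note the caveat: packers can rename sections, so a miss on section names is not proof that a file is unpacked.

```python
import hashlib
import struct

# Section names emitted by stock UPX builds. Assumption for this example: a sample
# that renames its sections will not be caught by this check alone.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}

IMAGE_SECTION_HEADER_SIZE = 40
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_HEADER_FMT = "<HHIIIHH"


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: bad PE signature offset")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff_off)
    table_off = coff_off + struct.calcsize(COFF_HEADER_FMT) + size_opt
    names = []
    for i in range(num_sections):
        off = table_off + i * IMAGE_SECTION_HEADER_SIZE
        if off + IMAGE_SECTION_HEADER_SIZE > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].split(b"\x00", 1)[0])  # name is 8 bytes, NUL padded
    return names


def is_upx_packed(data: bytes) -> bool:
    """True when any section carries a stock UPX name."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def triage(data: bytes, expected_sha256: str = None) -> dict:
    """Digests as listed in the report plus the packer verdict; optionally compare SHA256 to the report's value."""
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "sections": pe_section_names(data),
        "upx": is_upx_packed(data),
        "sha256_matches_report": None if expected_sha256 is None else sha256 == expected_sha256.lower(),
    }


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE32 with the given section table (not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE header immediately after DOS header
    size_opt = 0xE0                                         # PE32 optional header size
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(size_opt - 2)   # Magic = PE32, remaining fields zeroed
    table = b"".join(n.ljust(8, b"\x00") + bytes(IMAGE_SECTION_HEADER_SIZE - 8) for n in section_names)
    return bytes(dos) + b"PE\x00\x00" + coff + opt + table


# Constructed samples: one shaped like a UPX-packed image, one with ordinary MSVC section names.
SAMPLE_UPX = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
SAMPLE_PLAIN = build_minimal_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    import sys
    # usage: python upx_check.py <file> [expected_sha256]; defaults to the constructed UPX stub
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_UPX
    print(triage(data, sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it against the dropped file with the report's SHA256 as the second argument and `sha256_matches_report` tells you whether the artifact you hold is the one the sandbox saw; the memory dumps in the report match the same rule because the section headers survive in the mapped image.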
Processes
- C:\Users\Admin\AppData\Local\Temp\2c84084fdb2b73exeexeexeex.exe (PID 1548, level 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\2c84084fdb2b73exeexeexeex.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 2276, level 2, child of PID 1548)
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
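The process tree and the WriteProcessMemory signature describe one pattern: the sample writes asih.exe into its own %TEMP% directory, launches it, and then writes into that child's memory four times. The correlation below is an added example, not this sandbox's detection engine: it consumes a small constructed event list whose PIDs and paths are taken from this report (field names and the parent's own ppid are this example's assumptions, not a real sandbox schema) and raises the two findings in the report from the raw events. It builds the process and file tables in a first pass so a memory-write event that arrives before the child's process-create record is still attributed correctly.

```python
from collections import Counter, defaultdict

TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed events mirroring the behavioral1 run. ppid 0 for the sample and the
# self-write by PID 2276 are invented noise for the example, not facts from the report.
EVENTS = [
    {"type": "process_create", "pid": 1548, "ppid": 0, "image": TEMP + r"\2c84084fdb2b73exeexeexeex.exe"},
    {"type": "file_write", "pid": 1548, "path": TEMP + r"\asih.exe"},
    {"type": "write_process_memory", "pid": 1548, "target_pid": 2276},  # arrives before the child's create record
    {"type": "process_create", "pid": 2276, "ppid": 1548, "image": TEMP + r"\asih.exe"},
    {"type": "write_process_memory", "pid": 1548, "target_pid": 2276},
    {"type": "write_process_memory", "pid": 1548, "target_pid": 2276},
    {"type": "write_process_memory", "pid": 1548, "target_pid": 2276},
    {"type": "write_process_memory", "pid": 2276, "target_pid": 2276},  # a process writing its own memory: ignored
]


def correlate(events) -> list:
    """Return (rule, pid, detail) findings: dropped-and-executed children, and parents writing into them."""
    written = defaultdict(set)   # pid -> lower-cased paths that process wrote
    image_of, parent_of = {}, {}

    # Pass 1: build the tables without depending on event order.
    for ev in events:
        if ev["type"] == "file_write":
            written[ev["pid"]].add(ev["path"].lower())
        elif ev["type"] == "process_create":
            image_of[ev["pid"]] = ev["image"]
            parent_of[ev["pid"]] = ev["ppid"]

    # A child whose image path was written by its own parent is a dropped EXE being executed.
    dropped = {pid for pid, img in image_of.items()
               if img.lower() in written.get(parent_of[pid], set())}
    findings = [("Executes dropped EXE", pid, image_of[pid]) for pid in sorted(dropped)]

    # Pass 2: count cross-process writes from a parent into a dropped child (self-writes excluded).
    wpm = Counter()
    for ev in events:
        if ev["type"] != "write_process_memory" or ev["pid"] == ev["target_pid"]:
            continue
        src, dst = ev["pid"], ev["target_pid"]
        if parent_of.get(dst) == src and dst in dropped:
            wpm[(src, dst)] += 1
    for (src, dst), n in sorted(wpm.items()):
        findings.append(("Suspicious use of WriteProcessMemory", src, f"{n} write(s) into dropped child {dst}"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in correlate(EVENTS):
        print(f"{rule}: pid {pid}: {detail}")
```

On a real telemetry source the same join (file write by parent, process create of that path by the parent, cross-process memory write from parent to that child) is what separates a benign installer that drops and runs a helper from one that also patches the helper after launch; the self-write filter and the order-independent first pass are the two details that keep it from misfiring.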
Network
MITRE ATT&CK Enterprise v6
Downloads
File written during the run (the report lists this same hash set three times, once per sighting)
Filesize: 139KB
MD5: 7abbc69738e07abbe33e26fbe7f024f3
SHA1: 930ddbf546bae4ea3348eed50f5d53c2d899b825
SHA256: 76206a5c132ce73ae2df67ebdfab36205998b289d50edd37c3ef7a1f89b61acc
SHA512: aac45cad116a72014110cf8d088c28833eb85bfe568447f14b54db31dd602c6c43828d5687e730fd3aec7c6035fd2022928077f4d21c4e41acbb9d9fd01f9725