7fe855453729831e80cdab9c84764d6f46d55d24259f980a849317f553db53e0

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2efd5b977dfa28exeexeexeex.exe
Size

53KB
MD5

2efd5b977dfa28f9acbca38a8c82ab9d
SHA1

1e6af8a720c2a0bbdc4686db4699cdf6a4e2e8a4
SHA256

7fe855453729831e80cdab9c84764d6f46d55d24259f980a849317f553db53e0
SHA512

e50ed80d4de34114391dd7a89852956062cef64e08c319ff9ce07199aeeb1d3c63e1e1e46c712556a658f5c2ab72868a466eeb99ed45dfa8fc3610e190176d39
SSDEEP

1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLS:X6a+SOtEvwDpjBrOI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2276	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1548	2efd5b977dfa28exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2276	1548	2efd5b977dfa28exeexeexeex.exe	28
PID 1548 wrote to memory of 2276	1548	2efd5b977dfa28exeexeexeex.exe	28
PID 1548 wrote to memory of 2276	1548	2efd5b977dfa28exeexeexeex.exe	28
PID 1548 wrote to memory of 2276	1548	2efd5b977dfa28exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\2efd5b977dfa28exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2efd5b977dfa28exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
54KB

MD5
b5afce77082c8e42676ff6c099a24dcd

SHA1
f19c3d3736dc617d0ba024238c90852b7efa6bcb

SHA256
cee75cd7f5a26dd3ab2cda90927422c166a927f30a653adc265c019a73565557

SHA512
9829f2c1a00beaaafe7630b6fd27ea3ce6fb239a5237fad1db32c5b867e92c473d8cd817c6f380284302a7741ba784dde956a1ee954f646fef2331209cb1210f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
54KB

MD5
b5afce77082c8e42676ff6c099a24dcd

SHA1
f19c3d3736dc617d0ba024238c90852b7efa6bcb

SHA256
cee75cd7f5a26dd3ab2cda90927422c166a927f30a653adc265c019a73565557

SHA512
9829f2c1a00beaaafe7630b6fd27ea3ce6fb239a5237fad1db32c5b867e92c473d8cd817c6f380284302a7741ba784dde956a1ee954f646fef2331209cb1210f

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
54KB

MD5
b5afce77082c8e42676ff6c099a24dcd

SHA1
f19c3d3736dc617d0ba024238c90852b7efa6bcb

SHA256
cee75cd7f5a26dd3ab2cda90927422c166a927f30a653adc265c019a73565557

SHA512
9829f2c1a00beaaafe7630b6fd27ea3ce6fb239a5237fad1db32c5b867e92c473d8cd817c6f380284302a7741ba784dde956a1ee954f646fef2331209cb1210f

Download Submit
memory/1548-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1548-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2276-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download