45990813f405ba4a5ad352cc62d06f91bceae4acf1b029899898dbedcf258daa

Analysis

max time kernel
136s
max time network
146s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3de49f89c97f9cexeexeexeex.exe
Size

37KB
MD5

3de49f89c97f9c34cca529b7da591281
SHA1

46a2f221e79a6f5f9ca31a5fba1ad3a943a2a44e
SHA256

45990813f405ba4a5ad352cc62d06f91bceae4acf1b029899898dbedcf258daa
SHA512

4d2134d71ba48a66fdf8d7f066dcf45a3e953d72aaa7abd37b726d7043e3ae0612b486b73e14339be592ea0b44c5ac2f17e47406d1f52df1ae3593c8dd67ea31
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4RELLJsdo3VmcV/:vj+jsMQMOtEvwDpj5H+JswQe/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3044	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1616	3de49f89c97f9cexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3044	1616	3de49f89c97f9cexeexeexeex.exe	28
PID 1616 wrote to memory of 3044	1616	3de49f89c97f9cexeexeexeex.exe	28
PID 1616 wrote to memory of 3044	1616	3de49f89c97f9cexeexeexeex.exe	28
PID 1616 wrote to memory of 3044	1616	3de49f89c97f9cexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\3de49f89c97f9cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3de49f89c97f9cexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
38KB

MD5
9cb8b9cfe4b72e1daa2547a954c4b2fe

SHA1
061a7ff7bc8fc9b5a069d150d4ae708dc4973623

SHA256
952de9e78b4738a7d15f03757299d4715d344dceb1ab1ba68e821e5f513189f0

SHA512
666cdbca2b9bc53261e16ca98a6db601e9ccc65cf8cbb0fa2d0b91c8591981d4efe4b48c387cb37959efc0b4ad704b088bb7ead8fa5ea3feaf5b2c2cd621f4e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
38KB

MD5
9cb8b9cfe4b72e1daa2547a954c4b2fe

SHA1
061a7ff7bc8fc9b5a069d150d4ae708dc4973623

SHA256
952de9e78b4738a7d15f03757299d4715d344dceb1ab1ba68e821e5f513189f0

SHA512
666cdbca2b9bc53261e16ca98a6db601e9ccc65cf8cbb0fa2d0b91c8591981d4efe4b48c387cb37959efc0b4ad704b088bb7ead8fa5ea3feaf5b2c2cd621f4e3

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
38KB

MD5
9cb8b9cfe4b72e1daa2547a954c4b2fe

SHA1
061a7ff7bc8fc9b5a069d150d4ae708dc4973623

SHA256
952de9e78b4738a7d15f03757299d4715d344dceb1ab1ba68e821e5f513189f0

SHA512
666cdbca2b9bc53261e16ca98a6db601e9ccc65cf8cbb0fa2d0b91c8591981d4efe4b48c387cb37959efc0b4ad704b088bb7ead8fa5ea3feaf5b2c2cd621f4e3

Download Submit
memory/1616-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1616-55-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/3044-68-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download