495887fff91695a741ecbcffe7abfafcf14ca0eea09f9d3f0b4d0ee4fe75d6c6

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30615731e2c751exeexeexeex.exe
Size

52KB
MD5

30615731e2c7513fbb82d06b583efc64
SHA1

0e3080996d2e1392a8ddfc1afa3cdaaa54835e87
SHA256

495887fff91695a741ecbcffe7abfafcf14ca0eea09f9d3f0b4d0ee4fe75d6c6
SHA512

db9f6343760970906b78bf8f13c252463dfbad088a4a2fc27d86f7f72971991889b674db6edd761fe091459b22c7bae77bc2ab666bb95da086d7215962d4786d
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxtYzWkMz:6j+1NMOtEvwDpjr8ox6ZMz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1276	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3036	30615731e2c751exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1276	3036	30615731e2c751exeexeexeex.exe	28
PID 3036 wrote to memory of 1276	3036	30615731e2c751exeexeexeex.exe	28
PID 3036 wrote to memory of 1276	3036	30615731e2c751exeexeexeex.exe	28
PID 3036 wrote to memory of 1276	3036	30615731e2c751exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\30615731e2c751exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\30615731e2c751exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
52KB

MD5
4488cc50d498b33b00c685bbd57a930e

SHA1
8cc3209bedce49cc8608f41c20af12257c22c1fd

SHA256
204ef3bd42912698193d63adafdf513a2cc6a36feb11beac4a4314d0d1c73e1c

SHA512
5a060034dea02d05a0c6a8f9c6d6afec12246ce2578e78b5ad34a7fbd8bed49861a99ea0d59b34068b01f0ce44029a5b8d81d61c607628d9a08951677ec84914

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
52KB

MD5
4488cc50d498b33b00c685bbd57a930e

SHA1
8cc3209bedce49cc8608f41c20af12257c22c1fd

SHA256
204ef3bd42912698193d63adafdf513a2cc6a36feb11beac4a4314d0d1c73e1c

SHA512
5a060034dea02d05a0c6a8f9c6d6afec12246ce2578e78b5ad34a7fbd8bed49861a99ea0d59b34068b01f0ce44029a5b8d81d61c607628d9a08951677ec84914

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
52KB

MD5
4488cc50d498b33b00c685bbd57a930e

SHA1
8cc3209bedce49cc8608f41c20af12257c22c1fd

SHA256
204ef3bd42912698193d63adafdf513a2cc6a36feb11beac4a4314d0d1c73e1c

SHA512
5a060034dea02d05a0c6a8f9c6d6afec12246ce2578e78b5ad34a7fbd8bed49861a99ea0d59b34068b01f0ce44029a5b8d81d61c607628d9a08951677ec84914

Download Submit
memory/1276-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1276-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3036-54-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/3036-55-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/3036-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download