57d5ed52507125624a5e2a0a0b02fa7a053820929fb2a6bb85532191f58f2c15

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3061194d5616f6exeexeexeex.exe
Size

42KB
MD5

3061194d5616f6dc581af2ecaede90b0
SHA1

7aa1c8d7bb6500e60da185a5e00c2373842b528a
SHA256

57d5ed52507125624a5e2a0a0b02fa7a053820929fb2a6bb85532191f58f2c15
SHA512

f0469bacf776c940664344947a4abd82920173ed475ea818c2d04b4ced02cea2852021d1a9d5a4b3c82b5ba00b76f28bee6719a8c0aeaecc1f3031bc1301248e
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVajSKm5uzOH7s2Jx:X6QFElP6n+gJQMOtEvwDpjBcSKm5uGP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2352	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	3061194d5616f6exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2352	2052	3061194d5616f6exeexeexeex.exe	28
PID 2052 wrote to memory of 2352	2052	3061194d5616f6exeexeexeex.exe	28
PID 2052 wrote to memory of 2352	2052	3061194d5616f6exeexeexeex.exe	28
PID 2052 wrote to memory of 2352	2052	3061194d5616f6exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\3061194d5616f6exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3061194d5616f6exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2352

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
42KB

MD5
676eb80027d24f6c3dbca578ac19eab3

SHA1
866ec2d4721b21bb17d95509779ec8b20c161741

SHA256
8e8a98c6c5e754fef6048e2248c81169f3b05c56715f3cebfa71800535786266

SHA512
fc21b22c5d3825169fd5843ed82befdc41845c693600f0bd177336ece44b653a36cb3012a4cd118952d8519aa0b63c17395f3c70394bbc110ad4cf4a11e4a568

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
42KB

MD5
676eb80027d24f6c3dbca578ac19eab3

SHA1
866ec2d4721b21bb17d95509779ec8b20c161741

SHA256
8e8a98c6c5e754fef6048e2248c81169f3b05c56715f3cebfa71800535786266

SHA512
fc21b22c5d3825169fd5843ed82befdc41845c693600f0bd177336ece44b653a36cb3012a4cd118952d8519aa0b63c17395f3c70394bbc110ad4cf4a11e4a568

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
42KB

MD5
676eb80027d24f6c3dbca578ac19eab3

SHA1
866ec2d4721b21bb17d95509779ec8b20c161741

SHA256
8e8a98c6c5e754fef6048e2248c81169f3b05c56715f3cebfa71800535786266

SHA512
fc21b22c5d3825169fd5843ed82befdc41845c693600f0bd177336ece44b653a36cb3012a4cd118952d8519aa0b63c17395f3c70394bbc110ad4cf4a11e4a568

Download Submit
memory/2052-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2052-55-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2352-68-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download