16b85b5b65e89a360ce08ce076c55e5b0dfa4b635c6962bce3e1e20c8c9a4b68

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dc4b41ed482efexeexeexeex.exe
Size

90KB
MD5

3dc4b41ed482efb6a5ff7395b69debad
SHA1

27f30d427f9dff4d94ab009be374c1ac53ff2869
SHA256

16b85b5b65e89a360ce08ce076c55e5b0dfa4b635c6962bce3e1e20c8c9a4b68
SHA512

1462b5178901cc79e5eef4eaa202012cd66279694431470e142047ea358504c821e5ddb8ca5b84c7454133b3e0b8de13fa6b4b542d1b90a7a1f79206c4ddb1bb
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWLm/:V6a+pOtEvwDpjtl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2140	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	3dc4b41ed482efexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2140	2156	3dc4b41ed482efexeexeexeex.exe	27
PID 2156 wrote to memory of 2140	2156	3dc4b41ed482efexeexeexeex.exe	27
PID 2156 wrote to memory of 2140	2156	3dc4b41ed482efexeexeexeex.exe	27
PID 2156 wrote to memory of 2140	2156	3dc4b41ed482efexeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\3dc4b41ed482efexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3dc4b41ed482efexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
023aa1bd32012a6c0657bc821783f71f

SHA1
90ed5b7c58f2f3bcb33fd44da18b822ab538f31c

SHA256
d9e7ae4c9930160c62a39cde6c63e7679cc68d8a4dac062bf1d93bcd61c41e18

SHA512
de2e80b39c7f6ecc223af30c6455a48484a01708713f91b0e67fc18446b23f919971bfbc605ea1e44dfbd666600898d28b4bc2b555a144ad617adc93b873e0d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
023aa1bd32012a6c0657bc821783f71f

SHA1
90ed5b7c58f2f3bcb33fd44da18b822ab538f31c

SHA256
d9e7ae4c9930160c62a39cde6c63e7679cc68d8a4dac062bf1d93bcd61c41e18

SHA512
de2e80b39c7f6ecc223af30c6455a48484a01708713f91b0e67fc18446b23f919971bfbc605ea1e44dfbd666600898d28b4bc2b555a144ad617adc93b873e0d7

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
023aa1bd32012a6c0657bc821783f71f

SHA1
90ed5b7c58f2f3bcb33fd44da18b822ab538f31c

SHA256
d9e7ae4c9930160c62a39cde6c63e7679cc68d8a4dac062bf1d93bcd61c41e18

SHA512
de2e80b39c7f6ecc223af30c6455a48484a01708713f91b0e67fc18446b23f919971bfbc605ea1e44dfbd666600898d28b4bc2b555a144ad617adc93b873e0d7

Download Submit
memory/2140-68-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2156-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2156-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download