80a36bdaf3a6beafffd4d8880aaaeec0b38fbb8528385ebb6aad24eea2fd7978

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e41a0f4a27f1fexeexeexeex.exe
Size

35KB
MD5

3e41a0f4a27f1fab532dd1888aa49e13
SHA1

7b1b12f9e4cfb71d0d0e522b245925a605c4a5b5
SHA256

80a36bdaf3a6beafffd4d8880aaaeec0b38fbb8528385ebb6aad24eea2fd7978
SHA512

31030918cc0c83009966eeec9b7a95406d65165ee2d6be444ece7702e374cd8d88689207cbcbc3b0ced78bb0eac7406db65ef3265de4eca53c7469e39c3b2e5d
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf0w3Yxp4Hxp1yf:bgX4zYcgTEu6QOaryfjqDDw30G1yf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1688	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2176	3e41a0f4a27f1fexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1688	2176	3e41a0f4a27f1fexeexeexeex.exe	28
PID 2176 wrote to memory of 1688	2176	3e41a0f4a27f1fexeexeexeex.exe	28
PID 2176 wrote to memory of 1688	2176	3e41a0f4a27f1fexeexeexeex.exe	28
PID 2176 wrote to memory of 1688	2176	3e41a0f4a27f1fexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\3e41a0f4a27f1fexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3e41a0f4a27f1fexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:1688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
eeb7d6f022acad921b9ea0c1e2d88ea1

SHA1
eb227dceadba222905b825e9a4407104321a79e6

SHA256
c9cb4302e05979b70ac4abd4d8d83144c88d3ce9fd381d5d88b1e2cb1915c3fe

SHA512
04ccec970d6c01b9ea079c3c29c9fb424fa29ee7e86deb2fc97c8b557254e8605a512c58138d14b4bdb9ab8f7c724e6b63f868d8ce52779ad99b268b7e90a635

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
eeb7d6f022acad921b9ea0c1e2d88ea1

SHA1
eb227dceadba222905b825e9a4407104321a79e6

SHA256
c9cb4302e05979b70ac4abd4d8d83144c88d3ce9fd381d5d88b1e2cb1915c3fe

SHA512
04ccec970d6c01b9ea079c3c29c9fb424fa29ee7e86deb2fc97c8b557254e8605a512c58138d14b4bdb9ab8f7c724e6b63f868d8ce52779ad99b268b7e90a635

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
eeb7d6f022acad921b9ea0c1e2d88ea1

SHA1
eb227dceadba222905b825e9a4407104321a79e6

SHA256
c9cb4302e05979b70ac4abd4d8d83144c88d3ce9fd381d5d88b1e2cb1915c3fe

SHA512
04ccec970d6c01b9ea079c3c29c9fb424fa29ee7e86deb2fc97c8b557254e8605a512c58138d14b4bdb9ab8f7c724e6b63f868d8ce52779ad99b268b7e90a635

Download Submit
memory/1688-68-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2176-54-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2176-55-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download