d156666b72a4a77dc996c41ce588e651e842b5fa810a2a3ce98a7c1fb7214d34

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e09d2deddf870exeexeexeex.exe
Size

146KB
MD5

3e09d2deddf8700130e68f08497c203e
SHA1

f59edff959010b85d3fd4ca310e98ef2ab0e1a5f
SHA256

d156666b72a4a77dc996c41ce588e651e842b5fa810a2a3ce98a7c1fb7214d34
SHA512

e18ad9a3bf514f85ee5e0ecdd9b0917c5a91010e24ee739230768fe2a65c9aab028d388152576f39225a8d3a2edc05a623bd96e0da64fd103a9826d4828f7273
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooNL:V6a+pOtEvwDpjt22X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2948	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2320	3e09d2deddf870exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2948	2320	3e09d2deddf870exeexeexeex.exe	29
PID 2320 wrote to memory of 2948	2320	3e09d2deddf870exeexeexeex.exe	29
PID 2320 wrote to memory of 2948	2320	3e09d2deddf870exeexeexeex.exe	29
PID 2320 wrote to memory of 2948	2320	3e09d2deddf870exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\3e09d2deddf870exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3e09d2deddf870exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
fa54d61d89aa40d0c24d1c36390c0f27

SHA1
fe3777039b4039873a9e0bb38d07cf01e5b64e2a

SHA256
49868564f5270d4774e4db7eaa73c232bda745e516944bf3ec4a07854f429c33

SHA512
3d62c402142a89c3a0fba1dd6846bbaadd1d0b9b928f79289ba488b0873528299f0b644bfdfd6bbe982eb02753da5013769c008f808ba48fcc07273ee4b37658

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
fa54d61d89aa40d0c24d1c36390c0f27

SHA1
fe3777039b4039873a9e0bb38d07cf01e5b64e2a

SHA256
49868564f5270d4774e4db7eaa73c232bda745e516944bf3ec4a07854f429c33

SHA512
3d62c402142a89c3a0fba1dd6846bbaadd1d0b9b928f79289ba488b0873528299f0b644bfdfd6bbe982eb02753da5013769c008f808ba48fcc07273ee4b37658

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
fa54d61d89aa40d0c24d1c36390c0f27

SHA1
fe3777039b4039873a9e0bb38d07cf01e5b64e2a

SHA256
49868564f5270d4774e4db7eaa73c232bda745e516944bf3ec4a07854f429c33

SHA512
3d62c402142a89c3a0fba1dd6846bbaadd1d0b9b928f79289ba488b0873528299f0b644bfdfd6bbe982eb02753da5013769c008f808ba48fcc07273ee4b37658

Download Submit
memory/2320-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2320-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2948-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download