2e5123b9dac809951eba9370584392b2b90e4bc3be545ea51c335ed2acccc2d7

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bdd4a43a913f1exeexeexeex.exe
Size

55KB
MD5

3bdd4a43a913f13a15f3554442963492
SHA1

7d138331565e57f9c37bb623579da72848d7f526
SHA256

2e5123b9dac809951eba9370584392b2b90e4bc3be545ea51c335ed2acccc2d7
SHA512

4eaa74598bf59c04cc32f19dbd076f631d7013b60009859cbaf34f3b4e28717b2edb7842c46f07d37f04b1ca5e09c7efa8f54906d2856a8fbf3e032f00425818
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccCKdulcrJ/:V6a+pOtEvwDpjv9l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2304	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	3bdd4a43a913f1exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2304	2336	3bdd4a43a913f1exeexeexeex.exe	29
PID 2336 wrote to memory of 2304	2336	3bdd4a43a913f1exeexeexeex.exe	29
PID 2336 wrote to memory of 2304	2336	3bdd4a43a913f1exeexeexeex.exe	29
PID 2336 wrote to memory of 2304	2336	3bdd4a43a913f1exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\3bdd4a43a913f1exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3bdd4a43a913f1exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
c6968c6dfe1c51c71304282759e138c2

SHA1
2a5c68846c8adca1722f7af1358643358c3dc632

SHA256
3a4b15a528ba1523e1e604e695a7c10fc783fd54e4a6489ecf6d98680448de5b

SHA512
85fc1f3b0019467ae36b000928b988505e7e5a8c5f2752b3088b3cebdfde60363806842476e6cac5a2e2d748ee57d0281bf1a04ac7d27b3ead098fca295e03c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
c6968c6dfe1c51c71304282759e138c2

SHA1
2a5c68846c8adca1722f7af1358643358c3dc632

SHA256
3a4b15a528ba1523e1e604e695a7c10fc783fd54e4a6489ecf6d98680448de5b

SHA512
85fc1f3b0019467ae36b000928b988505e7e5a8c5f2752b3088b3cebdfde60363806842476e6cac5a2e2d748ee57d0281bf1a04ac7d27b3ead098fca295e03c6

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
c6968c6dfe1c51c71304282759e138c2

SHA1
2a5c68846c8adca1722f7af1358643358c3dc632

SHA256
3a4b15a528ba1523e1e604e695a7c10fc783fd54e4a6489ecf6d98680448de5b

SHA512
85fc1f3b0019467ae36b000928b988505e7e5a8c5f2752b3088b3cebdfde60363806842476e6cac5a2e2d748ee57d0281bf1a04ac7d27b3ead098fca295e03c6

Download Submit
memory/2304-68-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2336-54-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2336-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download