64bcc8290be57aad4b13b2ad22c12fa4a5a61e716ef249d469fb9865d1f55520

Analysis

max time kernel
137s
max time network
145s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45b134bd835c85exeexeexeex.exe
Size

47KB
MD5

45b134bd835c857cb139c870cfb0ccea
SHA1

13d3aa69a5c15c732aacc57eb39e02d01ba8dcac
SHA256

64bcc8290be57aad4b13b2ad22c12fa4a5a61e716ef249d469fb9865d1f55520
SHA512

aec573fcfd9595deddb21d16d59b6d658d2cbe88975bcdf28b9f5edba08d43a985a1b04d578573347cdf772c015241ac78aeb34303a9a1f6bd84c3546836eb99
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjZ1UKXJ0ToBpS5aL:ZzFbxmLPWQMOtEvwDpjbtJ0gMu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2020	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2176	45b134bd835c85exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2020	2176	45b134bd835c85exeexeexeex.exe	28
PID 2176 wrote to memory of 2020	2176	45b134bd835c85exeexeexeex.exe	28
PID 2176 wrote to memory of 2020	2176	45b134bd835c85exeexeexeex.exe	28
PID 2176 wrote to memory of 2020	2176	45b134bd835c85exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\45b134bd835c85exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\45b134bd835c85exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
47KB

MD5
1b75d5e3557a9da49fb97a6a58aebf66

SHA1
095c4303f2baaa9d35371161a7efe1e458c2eb8d

SHA256
09849faf789d5331e9db7d72b71056a958147cceda4d94832df6c169b5e7e5f4

SHA512
e2d40814d3547905acf9296825015b78fbe43a2d6f2afc8dbc17ecc9c04780b59572614ee42add818da4abaa9317e491ff044c3390e0ba7819dcd70c1b147c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
47KB

MD5
1b75d5e3557a9da49fb97a6a58aebf66

SHA1
095c4303f2baaa9d35371161a7efe1e458c2eb8d

SHA256
09849faf789d5331e9db7d72b71056a958147cceda4d94832df6c169b5e7e5f4

SHA512
e2d40814d3547905acf9296825015b78fbe43a2d6f2afc8dbc17ecc9c04780b59572614ee42add818da4abaa9317e491ff044c3390e0ba7819dcd70c1b147c53

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
47KB

MD5
1b75d5e3557a9da49fb97a6a58aebf66

SHA1
095c4303f2baaa9d35371161a7efe1e458c2eb8d

SHA256
09849faf789d5331e9db7d72b71056a958147cceda4d94832df6c169b5e7e5f4

SHA512
e2d40814d3547905acf9296825015b78fbe43a2d6f2afc8dbc17ecc9c04780b59572614ee42add818da4abaa9317e491ff044c3390e0ba7819dcd70c1b147c53

Download Submit
memory/2020-68-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2176-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2176-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download