ed9b8d7bceebfd07668751f54cdd7046573d8290eb50bc037154be00051390a3

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ff3d35891b33dexeexeexeex.exe
Size

59KB
MD5

3ff3d35891b33d531a0235ec31412da5
SHA1

3e9b43db9500556affce401d643d42689cfb368c
SHA256

ed9b8d7bceebfd07668751f54cdd7046573d8290eb50bc037154be00051390a3
SHA512

32317f9f18801fc043c10782efaff390325fbeef1be83a8ded177d04c648ec2c4875ccfd0905b29316f6a43e1f71932b59a64198ecbe722d6fb94f2467caff60
SSDEEP

1536:79mqyNhQMOtEvwDpjBPY7xv3gy7ux1Sk9:RlqbOtEvwDpjBg6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2296	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	3ff3d35891b33dexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2296	2324	3ff3d35891b33dexeexeexeex.exe	28
PID 2324 wrote to memory of 2296	2324	3ff3d35891b33dexeexeexeex.exe	28
PID 2324 wrote to memory of 2296	2324	3ff3d35891b33dexeexeexeex.exe	28
PID 2324 wrote to memory of 2296	2324	3ff3d35891b33dexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\3ff3d35891b33dexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3ff3d35891b33dexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
a60f9b52b9c48ff3712062aa18d61302

SHA1
22d98639a815ae80a019801a6c30a4ee43c6562c

SHA256
bd50fe2d55e5f52791d1e72e661e556ec356392c9335e910d2921cbcdb330149

SHA512
c78746d9ae269cf6b946bcd986145c87ab0fcf2c2f1bbef07fe9bbbd2136be119e8b63f372ebcf5838003f951658f314dcd0f19ab65ef1aa8fe0fbf9fc03d346

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
a60f9b52b9c48ff3712062aa18d61302

SHA1
22d98639a815ae80a019801a6c30a4ee43c6562c

SHA256
bd50fe2d55e5f52791d1e72e661e556ec356392c9335e910d2921cbcdb330149

SHA512
c78746d9ae269cf6b946bcd986145c87ab0fcf2c2f1bbef07fe9bbbd2136be119e8b63f372ebcf5838003f951658f314dcd0f19ab65ef1aa8fe0fbf9fc03d346

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
a60f9b52b9c48ff3712062aa18d61302

SHA1
22d98639a815ae80a019801a6c30a4ee43c6562c

SHA256
bd50fe2d55e5f52791d1e72e661e556ec356392c9335e910d2921cbcdb330149

SHA512
c78746d9ae269cf6b946bcd986145c87ab0fcf2c2f1bbef07fe9bbbd2136be119e8b63f372ebcf5838003f951658f314dcd0f19ab65ef1aa8fe0fbf9fc03d346

Download Submit
memory/2296-69-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2296-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2324-54-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2324-55-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2324-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download