f15deeffe9870b1ca4397521f8fb8d4024c7cb53287e328e2c9a600903d88594

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 12:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

496dc0cf76143aexeexeexeex.exe
Size

32KB
MD5

496dc0cf76143a8d13e4bf05b7d9ee0e
SHA1

b4b193543b8352bab508835ee9498111b516bacd
SHA256

f15deeffe9870b1ca4397521f8fb8d4024c7cb53287e328e2c9a600903d88594
SHA512

edc4d5454646592d2a53e56447b797dc297ee628ea8cb16f288347ba1bc37e2c58c182287004f828ddc3070a935c7028924bb66b3949b7835ff111f4f8458a7a
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjB9iYpj:X6QFElP6n+gJQMOtEvwDpjBHj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2276	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2084	496dc0cf76143aexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2276	2084	496dc0cf76143aexeexeexeex.exe	29
PID 2084 wrote to memory of 2276	2084	496dc0cf76143aexeexeexeex.exe	29
PID 2084 wrote to memory of 2276	2084	496dc0cf76143aexeexeexeex.exe	29
PID 2084 wrote to memory of 2276	2084	496dc0cf76143aexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\496dc0cf76143aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\496dc0cf76143aexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
80d213c7aabb2c71c905a6fe3e2c2188

SHA1
3826ed9015c35298cbae1e014aa864a265f6eb0b

SHA256
6159d63da8f4c4d138d36a54b8627333950777730edc70f2a1cdf7d00765627e

SHA512
0f24489a67e71ae125193f36aa2f83cae009cb9695a65816540782deb99af36c81c577b4995942ce7e44a12513ce35ef4dd66a737743e1b9ddbbfa57b9da6c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
80d213c7aabb2c71c905a6fe3e2c2188

SHA1
3826ed9015c35298cbae1e014aa864a265f6eb0b

SHA256
6159d63da8f4c4d138d36a54b8627333950777730edc70f2a1cdf7d00765627e

SHA512
0f24489a67e71ae125193f36aa2f83cae009cb9695a65816540782deb99af36c81c577b4995942ce7e44a12513ce35ef4dd66a737743e1b9ddbbfa57b9da6c7a

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
80d213c7aabb2c71c905a6fe3e2c2188

SHA1
3826ed9015c35298cbae1e014aa864a265f6eb0b

SHA256
6159d63da8f4c4d138d36a54b8627333950777730edc70f2a1cdf7d00765627e

SHA512
0f24489a67e71ae125193f36aa2f83cae009cb9695a65816540782deb99af36c81c577b4995942ce7e44a12513ce35ef4dd66a737743e1b9ddbbfa57b9da6c7a

Download Submit
memory/2084-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2084-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2276-68-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download