e86206e99ca57ae6c8b0d88b574b46bba6122d7fb8849a0cd274422ea87c9167

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 20:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5753d347237d9dexeexeexeex.exe
Size

35KB
MD5

5753d347237d9dbfd76b7d7d13e8988e
SHA1

1c860173d3b099123f80800c526c14319ade6255
SHA256

e86206e99ca57ae6c8b0d88b574b46bba6122d7fb8849a0cd274422ea87c9167
SHA512

3621a8c8a97044b9391fd853ab593be503f5caa8634c784372eb0f7a2c2c39a4379694e3e2818027472ad90ffc848a865079c6303503c6ea4f57629bab681d4f
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72DxL9Dk:bgX4zYcgTEu6QOaryfjqDlC76L9A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2056	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2408	5753d347237d9dexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2056	2408	5753d347237d9dexeexeexeex.exe	28
PID 2408 wrote to memory of 2056	2408	5753d347237d9dexeexeexeex.exe	28
PID 2408 wrote to memory of 2056	2408	5753d347237d9dexeexeexeex.exe	28
PID 2408 wrote to memory of 2056	2408	5753d347237d9dexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\5753d347237d9dexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5753d347237d9dexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2056

Network

DNS

mytarta.com

hasfj.exe

Remote address:

8.8.8.8:53

Request

mytarta.com

IN A

Response

mytarta.com

IN A

160.121.32.33

160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
192.229.211.108:80

46 B
1
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

152 B
120 B
3
3
160.121.32.33:443

mytarta.com

hasfj.exe

104 B
40 B
2
1

8.8.8.8:53

mytarta.com

dns

hasfj.exe

57 B
73 B
1
1

DNS Request

mytarta.com

DNS Response

160.121.32.33

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
5a8096e2cfea698dda3f645b74685dde

SHA1
758532075c9058af1fd2b1ae08d73734e3e55beb

SHA256
8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

SHA512
eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
5a8096e2cfea698dda3f645b74685dde

SHA1
758532075c9058af1fd2b1ae08d73734e3e55beb

SHA256
8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

SHA512
eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
5a8096e2cfea698dda3f645b74685dde

SHA1
758532075c9058af1fd2b1ae08d73734e3e55beb

SHA256
8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

SHA512
eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

Download Submit
memory/2056-68-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2408-54-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2408-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download