449d5d9d01767f6974fe9d7608ea30aff93e934e3db47ce06339f4662eeb94bf

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59568eac06ace0exeexeexeex.exe
Size

103KB
MD5

59568eac06ace083023866c87e558da4
SHA1

b82b44c7c40c70a013ba4d7f6f12bc5637417ea1
SHA256

449d5d9d01767f6974fe9d7608ea30aff93e934e3db47ce06339f4662eeb94bf
SHA512

440b9c336ce10f7ace2338176e24fc70e8c54e05a5bc1d07407c50f3b3e552970144ffcfd3b31889186cf05e28a8ec458c920bd2dde484d44ee2265135130c5b
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWCCyDLKASkjoBF+6R:xj+VGMOtEvwDpjubwQEIie8+ASkUR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2400	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2072	59568eac06ace0exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2400	2072	59568eac06ace0exeexeexeex.exe	29
PID 2072 wrote to memory of 2400	2072	59568eac06ace0exeexeexeex.exe	29
PID 2072 wrote to memory of 2400	2072	59568eac06ace0exeexeexeex.exe	29
PID 2072 wrote to memory of 2400	2072	59568eac06ace0exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\59568eac06ace0exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\59568eac06ace0exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
103KB

MD5
193a6aa4f23871ba17b0199823ada9fc

SHA1
f875d40cc67ff9b1b5c6c2e908220a55b61dc734

SHA256
9def2217a147d4d588a073f21a2d552f5986ab99e864f07faf0d03878f8482d9

SHA512
6d3fd80673b10c79b8be71819bea51aa4d852466c06af8a93cf93f95387716b9483673646b1f2c07ca0557a1ee53796e73d8f632c2ad6e7f987fd8bb193c5f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
103KB

MD5
193a6aa4f23871ba17b0199823ada9fc

SHA1
f875d40cc67ff9b1b5c6c2e908220a55b61dc734

SHA256
9def2217a147d4d588a073f21a2d552f5986ab99e864f07faf0d03878f8482d9

SHA512
6d3fd80673b10c79b8be71819bea51aa4d852466c06af8a93cf93f95387716b9483673646b1f2c07ca0557a1ee53796e73d8f632c2ad6e7f987fd8bb193c5f4d

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
103KB

MD5
193a6aa4f23871ba17b0199823ada9fc

SHA1
f875d40cc67ff9b1b5c6c2e908220a55b61dc734

SHA256
9def2217a147d4d588a073f21a2d552f5986ab99e864f07faf0d03878f8482d9

SHA512
6d3fd80673b10c79b8be71819bea51aa4d852466c06af8a93cf93f95387716b9483673646b1f2c07ca0557a1ee53796e73d8f632c2ad6e7f987fd8bb193c5f4d

Download Submit
memory/2072-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2072-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2072-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2400-69-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2400-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download