6cd4b7a9d4ee265a31a5b4ca1f4b450142a23a2706d719137b83845763576459

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 20:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b7be18889217bexeexeexeex.exe
Size

39KB
MD5

5b7be18889217b5ea32d3463a417f547
SHA1

5d8e75decdeac8e2eca68acd3617831817e27399
SHA256

6cd4b7a9d4ee265a31a5b4ca1f4b450142a23a2706d719137b83845763576459
SHA512

c2cd4098228c8a5aa4244bf1c921f19f9fa0859dc2f9b6cb4dda503ec325d9d569ebb1b98849da086e93157f316d5371a564ec3767e29ae1d1d349daf74e3709
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBtri2c:ZzFbxmLPWQMOtEvwDpj38ls+h

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1520	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
300	5b7be18889217bexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 300 wrote to memory of 1520	300	5b7be18889217bexeexeexeex.exe	28
PID 300 wrote to memory of 1520	300	5b7be18889217bexeexeexeex.exe	28
PID 300 wrote to memory of 1520	300	5b7be18889217bexeexeexeex.exe	28
PID 300 wrote to memory of 1520	300	5b7be18889217bexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\5b7be18889217bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5b7be18889217bexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:300
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
4b2150b7776fb32ed7abd6dc7928326e

SHA1
d7de163dfaeded2abd2f88a7ce96b881d57e86f0

SHA256
271f6a7aa96147cddf6728a98375f0565df39406c550d41f2e2385648cab109a

SHA512
b160b95b38f15d368b55ab3c4da46d00a0f95eeb4f0041d5489a2470778dc8ee9f2152799a2f2ea8108c4283681b799a7f4524005b3985f736bc589bdd62df43

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
4b2150b7776fb32ed7abd6dc7928326e

SHA1
d7de163dfaeded2abd2f88a7ce96b881d57e86f0

SHA256
271f6a7aa96147cddf6728a98375f0565df39406c550d41f2e2385648cab109a

SHA512
b160b95b38f15d368b55ab3c4da46d00a0f95eeb4f0041d5489a2470778dc8ee9f2152799a2f2ea8108c4283681b799a7f4524005b3985f736bc589bdd62df43

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
4b2150b7776fb32ed7abd6dc7928326e

SHA1
d7de163dfaeded2abd2f88a7ce96b881d57e86f0

SHA256
271f6a7aa96147cddf6728a98375f0565df39406c550d41f2e2385648cab109a

SHA512
b160b95b38f15d368b55ab3c4da46d00a0f95eeb4f0041d5489a2470778dc8ee9f2152799a2f2ea8108c4283681b799a7f4524005b3985f736bc589bdd62df43

Download Submit
memory/300-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/300-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1520-68-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1520-75-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download