dfd7b2defc617f7b1aca1a48b3210a888f59c7ad3c184e2433cdb6b1feb4c9cc

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07/07/2023, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b808cdab31633exeexeexeex.exe
Size

44KB
MD5

5b808cdab31633345fb0701890392d3c
SHA1

95a05e20f5ba94840c76c8ceec6dd9bb0dbb379c
SHA256

dfd7b2defc617f7b1aca1a48b3210a888f59c7ad3c184e2433cdb6b1feb4c9cc
SHA512

731a467205f35ac702aad33903b621fcea2c5bd4f60eeb8224e08f8d6e53b9e35197ea3a37704721894c5253c8999c80eb41d1c72d92bff352287ffb5619a7ec
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVajSKm5uzOHxulionQe:X6QFElP6n+gJQMOtEvwDpjBcSKm5upvN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2052	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2820	5b808cdab31633exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2052	2820	5b808cdab31633exeexeexeex.exe	28
PID 2820 wrote to memory of 2052	2820	5b808cdab31633exeexeexeex.exe	28
PID 2820 wrote to memory of 2052	2820	5b808cdab31633exeexeexeex.exe	28
PID 2820 wrote to memory of 2052	2820	5b808cdab31633exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\5b808cdab31633exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5b808cdab31633exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
f1f6a0e955e943df3a6c05ddb08e9f51

SHA1
d8d5040d6cabb418f38a697625b86a2b23cd400e

SHA256
cb2e9f533d32191e587242c6b35b264888dc4c4eee3d3932e696e8bdb8d0981a

SHA512
0f3d95dc2c69653d7b31bf8d93e516889e396e84710050162c4f0b601cf8222cef2374e7280cefc7ad36c88cb2fe85012f0acacc8d007237734acd8f18c46d0a

Download Submit
memory/2052-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2820-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2820-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download