81b00e78c4f81baf8f78aa59a207d34d10c890eb5714751e22da77cd0085c201

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b88f9400fd26eexeexeexeex.exe
Size

36KB
MD5

5b88f9400fd26efc2f9879cc8a86fbfb
SHA1

ea5a8b01787d11dacdbf6375448d71fc4d1af8f8
SHA256

81b00e78c4f81baf8f78aa59a207d34d10c890eb5714751e22da77cd0085c201
SHA512

1ae68112707044bbcfc0cdbd73195073003fa5e447e6428b7420cf18404eb1d78882d96bcbbed6df61a0a2ddc4d268a457231b00ed16b5185baa3f357676fbed
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaacQsdRLY:X6QFElP6n+gJQMOtEvwDpjBsQT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2236	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
3012	5b88f9400fd26eexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2236	3012	5b88f9400fd26eexeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	5b88f9400fd26eexeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	5b88f9400fd26eexeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	5b88f9400fd26eexeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\5b88f9400fd26eexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5b88f9400fd26eexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
36KB

MD5
d672f3883b70dfac0976f0cc5d6b3c19

SHA1
89b671f60ca0a2201234752426796f5bb5146aeb

SHA256
f335388b866ff81e82789f3867cd4e35639a64d471ff62b8f9c6138b41db0b46

SHA512
01559cfab52ca112d4f2e5451a35c28c71afa7206d5cc535494f6897a5845534481fe5e832bd6e8962cb4f15e0ec1ef10d904ab4bd0a59985365c42e605b0c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
36KB

MD5
d672f3883b70dfac0976f0cc5d6b3c19

SHA1
89b671f60ca0a2201234752426796f5bb5146aeb

SHA256
f335388b866ff81e82789f3867cd4e35639a64d471ff62b8f9c6138b41db0b46

SHA512
01559cfab52ca112d4f2e5451a35c28c71afa7206d5cc535494f6897a5845534481fe5e832bd6e8962cb4f15e0ec1ef10d904ab4bd0a59985365c42e605b0c87

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
36KB

MD5
d672f3883b70dfac0976f0cc5d6b3c19

SHA1
89b671f60ca0a2201234752426796f5bb5146aeb

SHA256
f335388b866ff81e82789f3867cd4e35639a64d471ff62b8f9c6138b41db0b46

SHA512
01559cfab52ca112d4f2e5451a35c28c71afa7206d5cc535494f6897a5845534481fe5e832bd6e8962cb4f15e0ec1ef10d904ab4bd0a59985365c42e605b0c87

Download Submit
memory/2236-68-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/3012-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/3012-55-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download