b68a79bfaed815e1a9d152c06b196bf9c4b1abeddfdc9b48f93a67c8f5571bee

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eae6f2bcee574exeexeexeex.exe
Size

100KB
MD5

5eae6f2bcee5741312db23c08bfb18d8
SHA1

c5152c7a0202c519b3d2cea56e13e790e23a9034
SHA256

b68a79bfaed815e1a9d152c06b196bf9c4b1abeddfdc9b48f93a67c8f5571bee
SHA512

26013a119623165599f842f2f6fd0a7434b6792361342fc2d438a0664f6aa818031fc51109768e9708800ba04481fec631fee8401c427dc951817bbf885668e6
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalRn5iF1j6Gz:1nK6a+qdOOtEvwDpjz

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
3004	5eae6f2bcee574exeexeexeex.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000012276-63.dat	upx
behavioral1/memory/3004-66-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x000a000000012276-67.dat	upx
behavioral1/files/0x000a000000012276-75.dat	upx
behavioral1/memory/2804-76-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2804	3004	5eae6f2bcee574exeexeexeex.exe	28
PID 3004 wrote to memory of 2804	3004	5eae6f2bcee574exeexeexeex.exe	28
PID 3004 wrote to memory of 2804	3004	5eae6f2bcee574exeexeexeex.exe	28
PID 3004 wrote to memory of 2804	3004	5eae6f2bcee574exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\5eae6f2bcee574exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5eae6f2bcee574exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
ab3be163c1451c863b5ae8276b712445

SHA1
33ee775add51d7486a3fad6fd0d022c022b378ea

SHA256
9389a5637471cb6f5ca349d2c7f987e73cbbb29c28908b52320450346a8dc703

SHA512
6d53e2b9711cfe3414407f7020cc67dc9981e6c7c79866922448b62b2b99822c6215fe17bda0797a513eff13e670e10a57dcc26b3ead24c3bbc2610155be3ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
ab3be163c1451c863b5ae8276b712445

SHA1
33ee775add51d7486a3fad6fd0d022c022b378ea

SHA256
9389a5637471cb6f5ca349d2c7f987e73cbbb29c28908b52320450346a8dc703

SHA512
6d53e2b9711cfe3414407f7020cc67dc9981e6c7c79866922448b62b2b99822c6215fe17bda0797a513eff13e670e10a57dcc26b3ead24c3bbc2610155be3ef9

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
ab3be163c1451c863b5ae8276b712445

SHA1
33ee775add51d7486a3fad6fd0d022c022b378ea

SHA256
9389a5637471cb6f5ca349d2c7f987e73cbbb29c28908b52320450346a8dc703

SHA512
6d53e2b9711cfe3414407f7020cc67dc9981e6c7c79866922448b62b2b99822c6215fe17bda0797a513eff13e670e10a57dcc26b3ead24c3bbc2610155be3ef9

Download Submit
memory/2804-69-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/2804-76-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/3004-54-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/3004-55-0x00000000004B0000-0x00000000004B6000-memory.dmp

Filesize
24KB

Download
memory/3004-66-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download