Analysis
- max time kernel: 147s
- max time network: 151s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 08/07/2023, 08:42
Behavioral task: behavioral1
- Sample: 5eae6f2bcee574exeexeexeex.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: 5eae6f2bcee574exeexeexeex.exe
- Resource: win10v2004-20230703-en
General
- Target: 5eae6f2bcee574exeexeexeex.exe
- Size: 100KB
- MD5: 5eae6f2bcee5741312db23c08bfb18d8
- SHA1: c5152c7a0202c519b3d2cea56e13e790e23a9034
- SHA256: b68a79bfaed815e1a9d152c06b196bf9c4b1abeddfdc9b48f93a67c8f5571bee
- SHA512: 26013a119623165599f842f2f6fd0a7434b6792361342fc2d438a0664f6aa818031fc51109768e9708800ba04481fec631fee8401c427dc951817bbf885668e6
- SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalRn5iF1j6Gz:1nK6a+qdOOtEvwDpjz
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2804, Process asih.exe
- Loads dropped DLL (1 IoCs)
  pid 3004, Process 5eae6f2bcee574exeexeexeex.exe
- yara_rule matches (resource, rule):
  behavioral1/files/0x000a000000012276-63.dat, upx
  behavioral1/memory/3004-66-0x0000000000500000-0x000000000050F311-memory.dmp, upx
  behavioral1/files/0x000a000000012276-67.dat, upx
  behavioral1/files/0x000a000000012276-75.dat, upx
  behavioral1/memory/2804-76-0x0000000000500000-0x000000000050F311-memory.dmp, upx
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 3004 wrote to memory of 2804 | 3004 | 5eae6f2bcee574exeexeexeex.exe | 28
  PID 3004 wrote to memory of 2804 | 3004 | 5eae6f2bcee574exeexeexeex.exe | 28
  PID 3004 wrote to memory of 2804 | 3004 | 5eae6f2bcee574exeexeexeex.exe | 28
  PID 3004 wrote to memory of 2804 | 3004 | 5eae6f2bcee574exeexeexeex.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\5eae6f2bcee574exeexeexeex.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\5eae6f2bcee574exeexeexeex.exe"
  PID: 3004
  signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 3004)
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 2804
    signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 100KB
  MD5: ab3be163c1451c863b5ae8276b712445
  SHA1: 33ee775add51d7486a3fad6fd0d022c022b378ea
  SHA256: 9389a5637471cb6f5ca349d2c7f987e73cbbb29c28908b52320450346a8dc703
  SHA512: 6d53e2b9711cfe3414407f7020cc67dc9981e6c7c79866922448b62b2b99822c6215fe17bda0797a513eff13e670e10a57dcc26b3ead24c3bbc2610155be3ef9