f26d50cb8774e80c65dc4202d2c7ba4121ba38ac814607ef83509a19565ccba5

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08-07-2023 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f482432f2ac91exeexeexeex.exe
Size

96KB
MD5

5f482432f2ac917f46476f24158924a9
SHA1

194f2ae56c15ddfb6026104ddfbe4a269b9dbbf6
SHA256

f26d50cb8774e80c65dc4202d2c7ba4121ba38ac814607ef83509a19565ccba5
SHA512

88b1272bcad610225398fbf748ef6a5961f279cdd1324aba7f74c574ce95e48dfdf829d7e4e80124321cc343c9eb022d10670e68898227db0d556ddd692fa0a2
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRiWCCy9lI6TX:i5nkFGMOtEvwDpjNbwQEIieqR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1332	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	5f482432f2ac91exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1332	2148	5f482432f2ac91exeexeexeex.exe	29
PID 2148 wrote to memory of 1332	2148	5f482432f2ac91exeexeexeex.exe	29
PID 2148 wrote to memory of 1332	2148	5f482432f2ac91exeexeexeex.exe	29
PID 2148 wrote to memory of 1332	2148	5f482432f2ac91exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\5f482432f2ac91exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\5f482432f2ac91exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
35864128fb3e3299f32d219a43cf115a

SHA1
e9a8d7786788c1f2136fd2985f39d24cd6da2805

SHA256
64c1dee9bd202c69a9b13f59779cf1ac199ecdbf8bc7c238dbf6f27058026da9

SHA512
9c2c36331ce6276cd236025c4cda707529b9080d8e795afbdbbb37c58a4658f87878755175335a97dc2a113505317bf7ecd4871dec7fdc9d73cb54b7080f0cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
35864128fb3e3299f32d219a43cf115a

SHA1
e9a8d7786788c1f2136fd2985f39d24cd6da2805

SHA256
64c1dee9bd202c69a9b13f59779cf1ac199ecdbf8bc7c238dbf6f27058026da9

SHA512
9c2c36331ce6276cd236025c4cda707529b9080d8e795afbdbbb37c58a4658f87878755175335a97dc2a113505317bf7ecd4871dec7fdc9d73cb54b7080f0cf0

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
96KB

MD5
35864128fb3e3299f32d219a43cf115a

SHA1
e9a8d7786788c1f2136fd2985f39d24cd6da2805

SHA256
64c1dee9bd202c69a9b13f59779cf1ac199ecdbf8bc7c238dbf6f27058026da9

SHA512
9c2c36331ce6276cd236025c4cda707529b9080d8e795afbdbbb37c58a4658f87878755175335a97dc2a113505317bf7ecd4871dec7fdc9d73cb54b7080f0cf0

Download Submit
memory/1332-69-0x0000000001C90000-0x0000000001C96000-memory.dmp

Filesize
24KB

Download
memory/1332-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2148-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2148-55-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2148-66-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download