449965944846fc1bc3e6d7273dbd95a1491f098408d176484ae8e4efd3917e58

Analysis

max time kernel
135s
max time network
146s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c72d96cc143b7exeexeexeex.exe
Size

60KB
MD5

6c72d96cc143b7c242593f696565bbc1
SHA1

4a6bb2ed6450c183dcb28bdf584cda1bde1f0e20
SHA256

449965944846fc1bc3e6d7273dbd95a1491f098408d176484ae8e4efd3917e58
SHA512

ce4faa78f8ba256984d3248b42c0b6ef5bbb3dd45de08d0be33c14fa06d5706af8b803f59ed529530446935cf03edf5647a7d3b8a561fbbcf60ce1ec3d82fd34
SSDEEP

1536:vj+jsMQMOtEvwDpj5HyCyh7vtRJ4BqKb1cKtecg:vCjsIOtEvwDpj5Hv03

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1976	6c72d96cc143b7exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2004	1976	6c72d96cc143b7exeexeexeex.exe	29
PID 1976 wrote to memory of 2004	1976	6c72d96cc143b7exeexeexeex.exe	29
PID 1976 wrote to memory of 2004	1976	6c72d96cc143b7exeexeexeex.exe	29
PID 1976 wrote to memory of 2004	1976	6c72d96cc143b7exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\6c72d96cc143b7exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\6c72d96cc143b7exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
f3334d6e7859f138c6cd35813293ff6a

SHA1
65c3f3d6e918108810a66e05680c61054a9875a7

SHA256
7d35f031cc63859484154b5f367ebcdfd59c5fe00c3102cb47040b48e902e1c8

SHA512
5cbe3c87146d50aed564c82c9235aa5dc0f43b285d3884637f9586cde0d30b82e0bb7f6d96cd13c3221162258d0c529698f8d885231fbe4528312415fbedf50e

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
f3334d6e7859f138c6cd35813293ff6a

SHA1
65c3f3d6e918108810a66e05680c61054a9875a7

SHA256
7d35f031cc63859484154b5f367ebcdfd59c5fe00c3102cb47040b48e902e1c8

SHA512
5cbe3c87146d50aed564c82c9235aa5dc0f43b285d3884637f9586cde0d30b82e0bb7f6d96cd13c3221162258d0c529698f8d885231fbe4528312415fbedf50e

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
f3334d6e7859f138c6cd35813293ff6a

SHA1
65c3f3d6e918108810a66e05680c61054a9875a7

SHA256
7d35f031cc63859484154b5f367ebcdfd59c5fe00c3102cb47040b48e902e1c8

SHA512
5cbe3c87146d50aed564c82c9235aa5dc0f43b285d3884637f9586cde0d30b82e0bb7f6d96cd13c3221162258d0c529698f8d885231fbe4528312415fbedf50e

Download Submit
memory/1976-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1976-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2004-68-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download