adc0cfc6ea1708754dd173ecc78edf4852c7c814d71c6a589089d86d12b71b09

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 09:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68616affee67d4exeexeexeex.exe
Size

72KB
MD5

68616affee67d453f6f7cafef8e5bcb0
SHA1

db8b2e3258f490fcf05556563555f771c1de6bc9
SHA256

adc0cfc6ea1708754dd173ecc78edf4852c7c814d71c6a589089d86d12b71b09
SHA512

0fae910458bd59b6673174460b7fcc20fa097a9e689f625faabeba10d0fff01cefdb2336e023efa765a7de4df2636e65519f3c6e017f6cb6a5cf7622d4a7b1ae
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDS+:1nK6a+qdOOtEvwDpjw

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2332	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	68616affee67d4exeexeexeex.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-62-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x000c00000001225b-67.dat	upx
behavioral1/files/0x000c00000001225b-64.dat	upx
behavioral1/files/0x000c00000001225b-75.dat	upx
behavioral1/memory/2332-76-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2332	2156	68616affee67d4exeexeexeex.exe	27
PID 2156 wrote to memory of 2332	2156	68616affee67d4exeexeexeex.exe	27
PID 2156 wrote to memory of 2332	2156	68616affee67d4exeexeexeex.exe	27
PID 2156 wrote to memory of 2332	2156	68616affee67d4exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\68616affee67d4exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\68616affee67d4exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
72KB

MD5
473be6d3a56edf588a3199c968c43285

SHA1
344342086d44a4e4ec194aafa49ed067da9a324d

SHA256
50251bf2469afde937443d9b0c1010cea58f8d9e5742a3ec62ce03af01236c44

SHA512
8ae3ab390873742f2c38bfa7b12f02403321882e118e7c9ef138f6e3e3de06ab034d69dc6f5dbb4208b656f685904dd73cefe0b5d2e3bfb3df01db320489e5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
72KB

MD5
473be6d3a56edf588a3199c968c43285

SHA1
344342086d44a4e4ec194aafa49ed067da9a324d

SHA256
50251bf2469afde937443d9b0c1010cea58f8d9e5742a3ec62ce03af01236c44

SHA512
8ae3ab390873742f2c38bfa7b12f02403321882e118e7c9ef138f6e3e3de06ab034d69dc6f5dbb4208b656f685904dd73cefe0b5d2e3bfb3df01db320489e5c3

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
72KB

MD5
473be6d3a56edf588a3199c968c43285

SHA1
344342086d44a4e4ec194aafa49ed067da9a324d

SHA256
50251bf2469afde937443d9b0c1010cea58f8d9e5742a3ec62ce03af01236c44

SHA512
8ae3ab390873742f2c38bfa7b12f02403321882e118e7c9ef138f6e3e3de06ab034d69dc6f5dbb4208b656f685904dd73cefe0b5d2e3bfb3df01db320489e5c3

Download Submit
memory/2156-54-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2156-55-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2156-62-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2332-69-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2332-76-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download