9f0248fb5f884b9274fb7663696f28100b1867830c46140255e0b011d393419b

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74b2c6b5c74d51exeexeexeex.exe
Size

59KB
MD5

74b2c6b5c74d51aaf88e01b25dca4d06
SHA1

2aa2fae2b3cd44563dfacdfc2b872a69bdee042b
SHA256

9f0248fb5f884b9274fb7663696f28100b1867830c46140255e0b011d393419b
SHA512

7272b4bc72c3e0c29af1f80a00aa2cacd2c2fdb93003e6086584455f7ea8fffff84811b46a001b7ef8237c2c43d1a83837d3d92f3e029a9c9439a82a89204d7a
SSDEEP

1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLYMK+:X6a+SOtEvwDpjBrOd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2388	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	74b2c6b5c74d51exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2388	2232	74b2c6b5c74d51exeexeexeex.exe	28
PID 2232 wrote to memory of 2388	2232	74b2c6b5c74d51exeexeexeex.exe	28
PID 2232 wrote to memory of 2388	2232	74b2c6b5c74d51exeexeexeex.exe	28
PID 2232 wrote to memory of 2388	2232	74b2c6b5c74d51exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\74b2c6b5c74d51exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\74b2c6b5c74d51exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
9a11c5c7834f1c5afc79315c35fb7cd7

SHA1
8b63be267d950d402b11ba6dc50258f0d6d78a63

SHA256
de07de4c12ca3790ab106b2e30515c386db6e4629bcf3767fc341761b85e0bb7

SHA512
4e99742831850875d09b0226a3b22ef5ddef35e2466d03594dcddca88db65ec1cc69eb8eaeeacfe3e23a1eb2ebff7d31e562215ea99250816d178fa7d92c568b

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
9a11c5c7834f1c5afc79315c35fb7cd7

SHA1
8b63be267d950d402b11ba6dc50258f0d6d78a63

SHA256
de07de4c12ca3790ab106b2e30515c386db6e4629bcf3767fc341761b85e0bb7

SHA512
4e99742831850875d09b0226a3b22ef5ddef35e2466d03594dcddca88db65ec1cc69eb8eaeeacfe3e23a1eb2ebff7d31e562215ea99250816d178fa7d92c568b

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
9a11c5c7834f1c5afc79315c35fb7cd7

SHA1
8b63be267d950d402b11ba6dc50258f0d6d78a63

SHA256
de07de4c12ca3790ab106b2e30515c386db6e4629bcf3767fc341761b85e0bb7

SHA512
4e99742831850875d09b0226a3b22ef5ddef35e2466d03594dcddca88db65ec1cc69eb8eaeeacfe3e23a1eb2ebff7d31e562215ea99250816d178fa7d92c568b

Download Submit
memory/2232-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2232-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2388-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download