5742db1f2726fed999a7da72025ad3f2a9f3ef419a0f1d5fe82c9cd4d1f38ed9

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08-07-2023 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

705e481a247cb5exeexeexeex.exe
Size

86KB
MD5

705e481a247cb519bc4d8cdbec879ac0
SHA1

f1be26b44fb9e9921ace3a87d081a5b67565f38c
SHA256

5742db1f2726fed999a7da72025ad3f2a9f3ef419a0f1d5fe82c9cd4d1f38ed9
SHA512

09b0ff374a20f5f110b1cd09df78e4ac715f9e50d1f078c48a8899c46e1a9a9cb97138197e193a9db8cf21dafe180824bf49d42585b442c8f5bb82903bdf46e4
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWNf:V6a+pOtEvwDpjt4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
804	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1144	705e481a247cb5exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 804	1144	705e481a247cb5exeexeexeex.exe	29
PID 1144 wrote to memory of 804	1144	705e481a247cb5exeexeexeex.exe	29
PID 1144 wrote to memory of 804	1144	705e481a247cb5exeexeexeex.exe	29
PID 1144 wrote to memory of 804	1144	705e481a247cb5exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\705e481a247cb5exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\705e481a247cb5exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
86KB

MD5
5d9af5a9b5e846eaf87ac418615151bd

SHA1
93e0806a98cb627e677051f8c1ef065a6de5ccfe

SHA256
a854045295572cea5ee041d142e2d4644e6d2b900f17c2d1a0f710b5da6f252e

SHA512
8ea604e6266f8a5b9fc79c4942a2ac499c5816ccf75a34075d433c614a4fab8a7facd9174bde7e847706bdb5d65bffb665b5fe5b64e07328841de34c2ab583bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
86KB

MD5
5d9af5a9b5e846eaf87ac418615151bd

SHA1
93e0806a98cb627e677051f8c1ef065a6de5ccfe

SHA256
a854045295572cea5ee041d142e2d4644e6d2b900f17c2d1a0f710b5da6f252e

SHA512
8ea604e6266f8a5b9fc79c4942a2ac499c5816ccf75a34075d433c614a4fab8a7facd9174bde7e847706bdb5d65bffb665b5fe5b64e07328841de34c2ab583bc

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
86KB

MD5
5d9af5a9b5e846eaf87ac418615151bd

SHA1
93e0806a98cb627e677051f8c1ef065a6de5ccfe

SHA256
a854045295572cea5ee041d142e2d4644e6d2b900f17c2d1a0f710b5da6f252e

SHA512
8ea604e6266f8a5b9fc79c4942a2ac499c5816ccf75a34075d433c614a4fab8a7facd9174bde7e847706bdb5d65bffb665b5fe5b64e07328841de34c2ab583bc

Download Submit
memory/804-68-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1144-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1144-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download