b15312e31ff098799f636cf31fc7d804c804fddf73ef7e642fbc3a415145aaee

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08-07-2023 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7204f6ff5dbc64exeexeexeex.exe
Size

46KB
MD5

7204f6ff5dbc64ad562134a12964829b
SHA1

29bf5cde649c97c8876b70f67926c5aa725eb805
SHA256

b15312e31ff098799f636cf31fc7d804c804fddf73ef7e642fbc3a415145aaee
SHA512

c3cfb41f7c570eb90caf7346d58e3214bd85c89d9c6a381be5ad57fadedfa339a24c684652959826ad16cab6a4968c2a49ee8413f21202c2643669b1e6964703
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIZPm83N:bIDOw9a0DwitDwIZb3N

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2168	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2340	7204f6ff5dbc64exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2168	2340	7204f6ff5dbc64exeexeexeex.exe	29
PID 2340 wrote to memory of 2168	2340	7204f6ff5dbc64exeexeexeex.exe	29
PID 2340 wrote to memory of 2168	2340	7204f6ff5dbc64exeexeexeex.exe	29
PID 2340 wrote to memory of 2168	2340	7204f6ff5dbc64exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\7204f6ff5dbc64exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\7204f6ff5dbc64exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
9cd6cebdbe2911c6c260840d722bc68d

SHA1
f64d702047c383fbe996719c8bccbbc9339fb851

SHA256
6af7fecf03851d137769b4b2e571bb6877f82ea0de892ee963fe14b3a2bb1d0a

SHA512
6d57dafebc5a02674d3ba94439ded4e12075d5abbe75e6ffaf7a69359ba35c690c5b7aaede55a77f9cd2c542c93f6926dc34b4c535602629d75d74343e1375e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
9cd6cebdbe2911c6c260840d722bc68d

SHA1
f64d702047c383fbe996719c8bccbbc9339fb851

SHA256
6af7fecf03851d137769b4b2e571bb6877f82ea0de892ee963fe14b3a2bb1d0a

SHA512
6d57dafebc5a02674d3ba94439ded4e12075d5abbe75e6ffaf7a69359ba35c690c5b7aaede55a77f9cd2c542c93f6926dc34b4c535602629d75d74343e1375e2

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
46KB

MD5
9cd6cebdbe2911c6c260840d722bc68d

SHA1
f64d702047c383fbe996719c8bccbbc9339fb851

SHA256
6af7fecf03851d137769b4b2e571bb6877f82ea0de892ee963fe14b3a2bb1d0a

SHA512
6d57dafebc5a02674d3ba94439ded4e12075d5abbe75e6ffaf7a69359ba35c690c5b7aaede55a77f9cd2c542c93f6926dc34b4c535602629d75d74343e1375e2

Download Submit
memory/2168-68-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2340-54-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2340-55-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download