f908295e94acc2e74d25dfef86d45548b6c0072bfe26fbba3d3bd2309aa4d829

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3d7ffdfc18b8exeexeexeex.exe
Size

146KB
MD5

7c3d7ffdfc18b8df417745d1fb324f5c
SHA1

b83ca5c21a9edee8dd9f9393e4693ab6d5ae4b36
SHA256

f908295e94acc2e74d25dfef86d45548b6c0072bfe26fbba3d3bd2309aa4d829
SHA512

e1665bfe32efc2983057132c525030dbf9fa1d70fc06f2e0812de9744442070c1c1b5890ca10c2f5eda2bc8f804e42eb75f40e91a3bd71e55286e238bc5327f0
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooN2:V6a+pOtEvwDpjt22C

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2304	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	7c3d7ffdfc18b8exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2304	2324	7c3d7ffdfc18b8exeexeexeex.exe	28
PID 2324 wrote to memory of 2304	2324	7c3d7ffdfc18b8exeexeexeex.exe	28
PID 2324 wrote to memory of 2304	2324	7c3d7ffdfc18b8exeexeexeex.exe	28
PID 2324 wrote to memory of 2304	2324	7c3d7ffdfc18b8exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\7c3d7ffdfc18b8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\7c3d7ffdfc18b8exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
701f8a2c8f57964c4945a1ffef04799e

SHA1
c04b976ac788cb848fec8f9b774bf506b6b43106

SHA256
8bb577168d9906f550283b89a8e2925c762962adc6ff6ce4407b3af62a7117cb

SHA512
ec9570c5e4de303b9073c3f4d2e8a10b2f45b7f2fc51d3ddfd4affc6c9572276e8c2c9d5122de48747e2da8d1782c7fea8c21ea5127d99173c16a5fe076408bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
701f8a2c8f57964c4945a1ffef04799e

SHA1
c04b976ac788cb848fec8f9b774bf506b6b43106

SHA256
8bb577168d9906f550283b89a8e2925c762962adc6ff6ce4407b3af62a7117cb

SHA512
ec9570c5e4de303b9073c3f4d2e8a10b2f45b7f2fc51d3ddfd4affc6c9572276e8c2c9d5122de48747e2da8d1782c7fea8c21ea5127d99173c16a5fe076408bf

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
701f8a2c8f57964c4945a1ffef04799e

SHA1
c04b976ac788cb848fec8f9b774bf506b6b43106

SHA256
8bb577168d9906f550283b89a8e2925c762962adc6ff6ce4407b3af62a7117cb

SHA512
ec9570c5e4de303b9073c3f4d2e8a10b2f45b7f2fc51d3ddfd4affc6c9572276e8c2c9d5122de48747e2da8d1782c7fea8c21ea5127d99173c16a5fe076408bf

Download Submit
memory/2304-68-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2324-54-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/2324-55-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download