45f22bd171ca27491d191c2fa1fc273d79041d1b7b54795fb4d82bfeb8a1d113

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95ad5604dfc4e8exeexeexeex.exe
Size

32KB
MD5

95ad5604dfc4e813523890a9df58ec5b
SHA1

96c6f08aaff940f51174a1c722a99c3ef51111c2
SHA256

45f22bd171ca27491d191c2fa1fc273d79041d1b7b54795fb4d82bfeb8a1d113
SHA512

3319d540b30bbfe72c7413192ecc9df6fddfbfb081262a7e534e01d66b84a9c3c633583ea1f0f163a9c5f804fb6e8b712b56a31f426dc19b998198cafe641d30
SSDEEP

768:q0ZziOWwULueOSdE8tOOtEvwDpjeW00shzu:q0zizzOSxMOtEvwDpj/0dhq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2304	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1656	95ad5604dfc4e8exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2304	1656	95ad5604dfc4e8exeexeexeex.exe	29
PID 1656 wrote to memory of 2304	1656	95ad5604dfc4e8exeexeexeex.exe	29
PID 1656 wrote to memory of 2304	1656	95ad5604dfc4e8exeexeexeex.exe	29
PID 1656 wrote to memory of 2304	1656	95ad5604dfc4e8exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\95ad5604dfc4e8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\95ad5604dfc4e8exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
0549f50379624beebd7ae3229a939449

SHA1
3dffdd39c643ea09f16d786e9f204be9cdd8c351

SHA256
69346240bfe5d5fa8967a38d3dab60a6e715f34762244e1a419b266224eee5f9

SHA512
1ec3422eff8d1d32d4afac6e8fa39947f4addc371483e54fb9c2d40c9cfa7c19d4f8371fcc7abd6a697b2ab107211cef9651e5ca0b6322ec660450b930334f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
0549f50379624beebd7ae3229a939449

SHA1
3dffdd39c643ea09f16d786e9f204be9cdd8c351

SHA256
69346240bfe5d5fa8967a38d3dab60a6e715f34762244e1a419b266224eee5f9

SHA512
1ec3422eff8d1d32d4afac6e8fa39947f4addc371483e54fb9c2d40c9cfa7c19d4f8371fcc7abd6a697b2ab107211cef9651e5ca0b6322ec660450b930334f4a

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
32KB

MD5
0549f50379624beebd7ae3229a939449

SHA1
3dffdd39c643ea09f16d786e9f204be9cdd8c351

SHA256
69346240bfe5d5fa8967a38d3dab60a6e715f34762244e1a419b266224eee5f9

SHA512
1ec3422eff8d1d32d4afac6e8fa39947f4addc371483e54fb9c2d40c9cfa7c19d4f8371fcc7abd6a697b2ab107211cef9651e5ca0b6322ec660450b930334f4a

Download Submit
memory/1656-54-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/1656-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1656-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2304-69-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2304-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download