Overview

overview

7

Static

static

3

8429c1fc9e...ex.exe

windows7-x64

7

8429c1fc9e...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2023, 16:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8429c1fc9eabd3exeexeexeex.exe

  • Size

    86KB

  • MD5

    8429c1fc9eabd3a5e07fc67995fd60f8

  • SHA1

    055bc9c8608793736b65223f6f88d9f9d46f59de

  • SHA256

    1fd980b58c1f15ae0ff16e96ae68ceb98ef5eb56db27a11dfb0693333cb94a2b

  • SHA512

    5daed9a91f8f731f2dd49b09edef12f82c44e8b710bfbf19c8b3a88de37ce96aa0c5e73bde9809cdd2230222d657be3e7642be62339aaa8211ffd92666d884c2

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvW8:V6a+pOtEvwDpjtx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8429c1fc9eabd3exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\8429c1fc9eabd3exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2440

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          86KB

          MD5

          46fc81eecdc742ebd698001d563de640

          SHA1

          c3858839228a12f558c4f1b398deab04003434ef

          SHA256

          779c50a2352b84552d05b331385551c059773455678401d3ba37c8c9045729ec

          SHA512

          76743d58fe21ce4808790e0dd58a8eff9210904a48c990c630ab7fca5b2f7aad7f0ac06022097b5ff8e58d01b65dbe34d8d6e2e6c7646ca3d7217a2224415fe6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          86KB

          MD5

          46fc81eecdc742ebd698001d563de640

          SHA1

          c3858839228a12f558c4f1b398deab04003434ef

          SHA256

          779c50a2352b84552d05b331385551c059773455678401d3ba37c8c9045729ec

          SHA512

          76743d58fe21ce4808790e0dd58a8eff9210904a48c990c630ab7fca5b2f7aad7f0ac06022097b5ff8e58d01b65dbe34d8d6e2e6c7646ca3d7217a2224415fe6

          Download Submit

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          86KB

          MD5

          46fc81eecdc742ebd698001d563de640

          SHA1

          c3858839228a12f558c4f1b398deab04003434ef

          SHA256

          779c50a2352b84552d05b331385551c059773455678401d3ba37c8c9045729ec

          SHA512

          76743d58fe21ce4808790e0dd58a8eff9210904a48c990c630ab7fca5b2f7aad7f0ac06022097b5ff8e58d01b65dbe34d8d6e2e6c7646ca3d7217a2224415fe6

          Download Submit

        • memory/2112-54-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2112-55-0x0000000000370000-0x0000000000376000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2440-68-0x0000000000330000-0x0000000000336000-memory.dmp

          Filesize

          24KB

          Download