397935d84f2d1ba11c7f1713ac1a435108da1409a56b7d3d1338615a13ef15e2

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9dd45bd5dd6784exeexeexeex.exe
Size

35KB
MD5

9dd45bd5dd67840e127d403093890742
SHA1

b354810ecdcc7d92b65a8fdb69d13747178bab9b
SHA256

397935d84f2d1ba11c7f1713ac1a435108da1409a56b7d3d1338615a13ef15e2
SHA512

4c885584a25856850ca8523a400530cf90af5a67a21fbccd11f40b3e08cfe045fedda6407f10213f9df3de2c6bce5a74c6ddc58c2671af1f628369bcb2d803b2
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf0w3Yxp4t8nP:bgX4zYcgTEu6QOaryfjqDDw303P

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2236	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3012	9dd45bd5dd6784exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2236	3012	9dd45bd5dd6784exeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	9dd45bd5dd6784exeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	9dd45bd5dd6784exeexeexeex.exe	27
PID 3012 wrote to memory of 2236	3012	9dd45bd5dd6784exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\9dd45bd5dd6784exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\9dd45bd5dd6784exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
18e9f5a52c736b032ae5160fc04bd857

SHA1
839d93aa80d310e6c0d5be0fd20ba4cef94f3d9d

SHA256
d6ded512e72ce89328139a0ae4fc91304f4fa70940e24b9b1fa734336f94bc8a

SHA512
388f5dc4638a48dba21bdfb6da00c3d2862fe030f52bd3f2c028eb881618aed9ab68dca6cba5283c87d20ab008a2b587b53a5ad5e807760f81c57ecfae468ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
18e9f5a52c736b032ae5160fc04bd857

SHA1
839d93aa80d310e6c0d5be0fd20ba4cef94f3d9d

SHA256
d6ded512e72ce89328139a0ae4fc91304f4fa70940e24b9b1fa734336f94bc8a

SHA512
388f5dc4638a48dba21bdfb6da00c3d2862fe030f52bd3f2c028eb881618aed9ab68dca6cba5283c87d20ab008a2b587b53a5ad5e807760f81c57ecfae468ce2

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
18e9f5a52c736b032ae5160fc04bd857

SHA1
839d93aa80d310e6c0d5be0fd20ba4cef94f3d9d

SHA256
d6ded512e72ce89328139a0ae4fc91304f4fa70940e24b9b1fa734336f94bc8a

SHA512
388f5dc4638a48dba21bdfb6da00c3d2862fe030f52bd3f2c028eb881618aed9ab68dca6cba5283c87d20ab008a2b587b53a5ad5e807760f81c57ecfae468ce2

Download Submit
memory/2236-68-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/3012-54-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/3012-55-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download