45d0896cc87cf7edadcf12f2b2b872903f1de6ace18e228f8036472bf81060e2

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fdb73744323cbexeexeexeex.exe
Size

26KB
MD5

9fdb73744323cb9da571bfd884162602
SHA1

117a1e29023f5ca0f22dbe65491ee6a308924b1b
SHA256

45d0896cc87cf7edadcf12f2b2b872903f1de6ace18e228f8036472bf81060e2
SHA512

cd972760ef70a35d75d0b4c118ccee0407248d157eb023553a2f09fa6150dc4a9b0dbe541cb583ed25e6ce8400891a058a775c8b16c23d86705cdd8fd1ad04d9
SSDEEP

384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4YWV:bIDOw9UiaCHfjnIV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2380	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	9fdb73744323cbexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2380	2336	9fdb73744323cbexeexeexeex.exe	29
PID 2336 wrote to memory of 2380	2336	9fdb73744323cbexeexeexeex.exe	29
PID 2336 wrote to memory of 2380	2336	9fdb73744323cbexeexeexeex.exe	29
PID 2336 wrote to memory of 2380	2336	9fdb73744323cbexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\9fdb73744323cbexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\9fdb73744323cbexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
27KB

MD5
fd0a2276db2ad4d89402facd464440b4

SHA1
1ab93f5f62edc8882d1cb2b96b948b8ff3ae8829

SHA256
a10276a270b934e4e399cbd9f451d150624491db4a2cfa1f37d0731fbeb825f4

SHA512
0b4120a2ae2a1156aa8c0e9cc19d3f9b130cab7c278b157664ef71ad72f48343b0bede47794c0712e8c6584d2bb26a2695973b4cf70f5e0991ece894b61f91eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
27KB

MD5
fd0a2276db2ad4d89402facd464440b4

SHA1
1ab93f5f62edc8882d1cb2b96b948b8ff3ae8829

SHA256
a10276a270b934e4e399cbd9f451d150624491db4a2cfa1f37d0731fbeb825f4

SHA512
0b4120a2ae2a1156aa8c0e9cc19d3f9b130cab7c278b157664ef71ad72f48343b0bede47794c0712e8c6584d2bb26a2695973b4cf70f5e0991ece894b61f91eb

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
27KB

MD5
fd0a2276db2ad4d89402facd464440b4

SHA1
1ab93f5f62edc8882d1cb2b96b948b8ff3ae8829

SHA256
a10276a270b934e4e399cbd9f451d150624491db4a2cfa1f37d0731fbeb825f4

SHA512
0b4120a2ae2a1156aa8c0e9cc19d3f9b130cab7c278b157664ef71ad72f48343b0bede47794c0712e8c6584d2bb26a2695973b4cf70f5e0991ece894b61f91eb

Download Submit
memory/2336-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2336-55-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2380-68-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download