2488d96783e58afb20bc71ca470e6642e2d2dbe935f7c165947d0749803c000f

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 08:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a15b21c72766fdexeexeexeex.exe
Size

35KB
MD5

a15b21c72766fdf50262ed0187fc04c6
SHA1

b247b0b8e41c04ba5fbe82f2fab3497df717cc7b
SHA256

2488d96783e58afb20bc71ca470e6642e2d2dbe935f7c165947d0749803c000f
SHA512

e3bb6600c6b7ba8ed22f78c5652632cf1ae7b73064d69f755148b50750f9fba02f526c070dc42b35f735cdbae6660c9be0fa849ab55d3efe90ed51828d2821fb
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72DxLFZ:bgX4zYcgTEu6QOaryfjqDlC76LFZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1864	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3064	a15b21c72766fdexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1864	3064	a15b21c72766fdexeexeexeex.exe	28
PID 3064 wrote to memory of 1864	3064	a15b21c72766fdexeexeexeex.exe	28
PID 3064 wrote to memory of 1864	3064	a15b21c72766fdexeexeexeex.exe	28
PID 3064 wrote to memory of 1864	3064	a15b21c72766fdexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\a15b21c72766fdexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\a15b21c72766fdexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:1864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
9b5c0cc7c28746ad52a9f13b53c3e9ce

SHA1
04d542ee5e8ee5930c5cde8dd10762d18bc9cd5f

SHA256
cdc53a5e137dbc8bc4cfd945bca7a1302cd6e3f43271be91e1dcc4d3d96d7f0e

SHA512
c8c054741cff6c22e3549fbf0c48c711197600d2933229a075da23a9bddc0e67106e1dc1481173dd214705907cfedf37701d092f80255a2e617d1749f7feae6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
9b5c0cc7c28746ad52a9f13b53c3e9ce

SHA1
04d542ee5e8ee5930c5cde8dd10762d18bc9cd5f

SHA256
cdc53a5e137dbc8bc4cfd945bca7a1302cd6e3f43271be91e1dcc4d3d96d7f0e

SHA512
c8c054741cff6c22e3549fbf0c48c711197600d2933229a075da23a9bddc0e67106e1dc1481173dd214705907cfedf37701d092f80255a2e617d1749f7feae6e

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
9b5c0cc7c28746ad52a9f13b53c3e9ce

SHA1
04d542ee5e8ee5930c5cde8dd10762d18bc9cd5f

SHA256
cdc53a5e137dbc8bc4cfd945bca7a1302cd6e3f43271be91e1dcc4d3d96d7f0e

SHA512
c8c054741cff6c22e3549fbf0c48c711197600d2933229a075da23a9bddc0e67106e1dc1481173dd214705907cfedf37701d092f80255a2e617d1749f7feae6e

Download Submit
memory/1864-68-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/3064-54-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/3064-55-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download