8645d029a5c70df5f3956b85811d31b3acd52d3492d1d3a30316221af97f5ed8

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 15:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b1030edf1d3fccexeexeexeex.exe
Size

29KB
MD5

b1030edf1d3fcc2ec0559a237b883dad
SHA1

62ef2bcde5e5ac6e0feff96d59e7e6e07d9c2b54
SHA256

8645d029a5c70df5f3956b85811d31b3acd52d3492d1d3a30316221af97f5ed8
SHA512

f02e9ab608d578577ba49df214a39b1e61a14e40ed80c1f48fbd78ce826f01eaf3e5a9236b46c5a8912af7e9136bf7f42b2881b631657f926e58ca156c155f14
SSDEEP

384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUZ0psObGqWBZ5:bA74zYcgT/Ekd0ryfjeRtBH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2960	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2288	b1030edf1d3fccexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2960	2288	b1030edf1d3fccexeexeexeex.exe	28
PID 2288 wrote to memory of 2960	2288	b1030edf1d3fccexeexeexeex.exe	28
PID 2288 wrote to memory of 2960	2288	b1030edf1d3fccexeexeexeex.exe	28
PID 2288 wrote to memory of 2960	2288	b1030edf1d3fccexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\b1030edf1d3fccexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\b1030edf1d3fccexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
cca0822e19a5b19264e3565f07377257

SHA1
cb5879775766d8881ee01d790a8db1ccc3294772

SHA256
b80a34db4dc232a4c1b6131c1861604889e3363fd4443c3e3cba28a91cfccdc1

SHA512
f6dd106477a786c916d52e1355682395a125762336ac53efb411a3d0d4548b7abbf896522d99b5bfeb8c04f8ed38457882f5ae1b1f6d0a7458e9c62040c944cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
cca0822e19a5b19264e3565f07377257

SHA1
cb5879775766d8881ee01d790a8db1ccc3294772

SHA256
b80a34db4dc232a4c1b6131c1861604889e3363fd4443c3e3cba28a91cfccdc1

SHA512
f6dd106477a786c916d52e1355682395a125762336ac53efb411a3d0d4548b7abbf896522d99b5bfeb8c04f8ed38457882f5ae1b1f6d0a7458e9c62040c944cd

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
cca0822e19a5b19264e3565f07377257

SHA1
cb5879775766d8881ee01d790a8db1ccc3294772

SHA256
b80a34db4dc232a4c1b6131c1861604889e3363fd4443c3e3cba28a91cfccdc1

SHA512
f6dd106477a786c916d52e1355682395a125762336ac53efb411a3d0d4548b7abbf896522d99b5bfeb8c04f8ed38457882f5ae1b1f6d0a7458e9c62040c944cd

Download Submit
memory/2288-54-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2288-55-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2960-68-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download