ce76b16f3cf9dae91ccfd2a05cfd906b58b0daf4244b841589f30a62858b47b9

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6ced86fecc89bexeexeexeex.exe
Size

36KB
MD5

b6ced86fecc89ba8e2892cdccc4246e1
SHA1

926429817f112750916ae035da1c1782a672a1c1
SHA256

ce76b16f3cf9dae91ccfd2a05cfd906b58b0daf4244b841589f30a62858b47b9
SHA512

b70662c4c9f84cfd0638ccaa2d2cb1adf64b0fcb8955f983bd984b5bc63ace649646ad9ae7f5b211236bd6214f5fe693e5668518d00bef99d4a805356fd53d8e
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72kmGYjllM0:bgX4zYcgTEu6QOaryfjqDlC7rYZlM0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	b6ced86fecc89bexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2324	2364	b6ced86fecc89bexeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	b6ced86fecc89bexeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	b6ced86fecc89bexeexeexeex.exe	28
PID 2364 wrote to memory of 2324	2364	b6ced86fecc89bexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\b6ced86fecc89bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\b6ced86fecc89bexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
f3437da2ce60f5782a37bae28e89f90f

SHA1
14da8ded322f84d259cfaccc5e85a8c8fb909ea1

SHA256
0ad5c3b4b8c632a766ba19898ce73c5d93b0686bf68889ab70e807a27928820b

SHA512
85b250bd39ac633e4e1f8ce2ebfa4ae9878bb37b5d8251b5c2cf901498e123004bf2afda7c3802b819a755676c035005278c137d35ed67ff1fc8c6d8fca83106

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
f3437da2ce60f5782a37bae28e89f90f

SHA1
14da8ded322f84d259cfaccc5e85a8c8fb909ea1

SHA256
0ad5c3b4b8c632a766ba19898ce73c5d93b0686bf68889ab70e807a27928820b

SHA512
85b250bd39ac633e4e1f8ce2ebfa4ae9878bb37b5d8251b5c2cf901498e123004bf2afda7c3802b819a755676c035005278c137d35ed67ff1fc8c6d8fca83106

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
f3437da2ce60f5782a37bae28e89f90f

SHA1
14da8ded322f84d259cfaccc5e85a8c8fb909ea1

SHA256
0ad5c3b4b8c632a766ba19898ce73c5d93b0686bf68889ab70e807a27928820b

SHA512
85b250bd39ac633e4e1f8ce2ebfa4ae9878bb37b5d8251b5c2cf901498e123004bf2afda7c3802b819a755676c035005278c137d35ed67ff1fc8c6d8fca83106

Download Submit
memory/2324-68-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2364-54-0x0000000002900000-0x0000000002906000-memory.dmp

Filesize
24KB

Download
memory/2364-55-0x0000000002920000-0x0000000002926000-memory.dmp

Filesize
24KB

Download