13817f79224197121c3ecd9a6326387b3108d3d153f60de2a912f0106aecda34

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3b2664e39ce23exeexeexeex.exe
Size

42KB
MD5

b3b2664e39ce23128c61e3056d317cb6
SHA1

470e05ba244583bd3b4729899eb076648c989a88
SHA256

13817f79224197121c3ecd9a6326387b3108d3d153f60de2a912f0106aecda34
SHA512

2ef973360df08e21e3d001f9e74c45a4346fea0d4c11ad13b0f04bd98b60ca9f236dd7a9c4c94b0476251b209ec581a45b411bdf4eab5789d7a4e4350202883d
SSDEEP

768:bxNQIE0eBhkL2Fo1CCwgfjOg9AeWwQEhFGZM:bxNrC7kYo1Fxf2el+M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2244	pissa.exe

Loads dropped DLL 1 IoCs

pid	Process
296	b3b2664e39ce23exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 296 wrote to memory of 2244	296	b3b2664e39ce23exeexeexeex.exe	29
PID 296 wrote to memory of 2244	296	b3b2664e39ce23exeexeexeex.exe	29
PID 296 wrote to memory of 2244	296	b3b2664e39ce23exeexeexeex.exe	29
PID 296 wrote to memory of 2244	296	b3b2664e39ce23exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\b3b2664e39ce23exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\b3b2664e39ce23exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:296
- C:\Users\Admin\AppData\Local\Temp\pissa.exe
  "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
  2⤵
  - Executes dropped EXE
  PID:2244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pissa.exe

Filesize
42KB

MD5
47f257027a1885c9b12146f4150dfd9c

SHA1
db5e41b3b3c1ccacd39fefe8be085bb843e4e42d

SHA256
44f7a6ada22fe95864fe7e0b5e264f814e71bf07d20cc576cf8f4418881664a1

SHA512
14661e185526dedbc3a453b9b24bd05c8ab3b5e7ed9b8c84122fed533e4a93521a2a2216de12197de519b383afd89aac8c341c6b219d98af24a8f4235303530b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pissa.exe

Filesize
42KB

MD5
47f257027a1885c9b12146f4150dfd9c

SHA1
db5e41b3b3c1ccacd39fefe8be085bb843e4e42d

SHA256
44f7a6ada22fe95864fe7e0b5e264f814e71bf07d20cc576cf8f4418881664a1

SHA512
14661e185526dedbc3a453b9b24bd05c8ab3b5e7ed9b8c84122fed533e4a93521a2a2216de12197de519b383afd89aac8c341c6b219d98af24a8f4235303530b

Download Submit
\Users\Admin\AppData\Local\Temp\pissa.exe

Filesize
42KB

MD5
47f257027a1885c9b12146f4150dfd9c

SHA1
db5e41b3b3c1ccacd39fefe8be085bb843e4e42d

SHA256
44f7a6ada22fe95864fe7e0b5e264f814e71bf07d20cc576cf8f4418881664a1

SHA512
14661e185526dedbc3a453b9b24bd05c8ab3b5e7ed9b8c84122fed533e4a93521a2a2216de12197de519b383afd89aac8c341c6b219d98af24a8f4235303530b

Download Submit
memory/296-54-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/296-55-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download
memory/2244-68-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download