Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2023, 17:05

General

  • Target

    ba6463a6db64a7exeexeexeex.exe

  • Size

    102KB

  • MD5

    ba6463a6db64a77a751ebf0d14cea091

  • SHA1

    416600fc14caa101549b611a0f43671d3dea6b2d

  • SHA256

    a791da51897ffc31047e2037561e783386884ef12a78682d7e4a2dfeb3f398f3

  • SHA512

    6e0c1badc559f7c197cb43efe594402ff8d72c4bdbc6fd1d7642c3f23eb7e4cc58868a2c22eb68124a1dfe3d1be55cf3ea66660ff8e7a80fd1514065f4290572

  • SSDEEP

    1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalRn5iF1j6GR8I:1nK6a+qdOOtEvwDpjV

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba6463a6db64a7exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\ba6463a6db64a7exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    102KB

    MD5

    e97bed130f276911889a381d3c8d4df4

    SHA1

    c4c343baf4c4e3a53f9d0279b3b8ed8529f5dfcc

    SHA256

    ca63a18d80d79d70f07316c002fc53baede211e60fba269ea89358c52a0fa394

    SHA512

    c814dcefb9140cbcdc85c79537f99a49101c053513771659544a453a792eb9373cbe3d7dd4475cad9b6785053485f383a7a7f7fc0bd1e5fad3d3ca06206c5321

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    102KB

    MD5

    e97bed130f276911889a381d3c8d4df4

    SHA1

    c4c343baf4c4e3a53f9d0279b3b8ed8529f5dfcc

    SHA256

    ca63a18d80d79d70f07316c002fc53baede211e60fba269ea89358c52a0fa394

    SHA512

    c814dcefb9140cbcdc85c79537f99a49101c053513771659544a453a792eb9373cbe3d7dd4475cad9b6785053485f383a7a7f7fc0bd1e5fad3d3ca06206c5321

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    102KB

    MD5

    e97bed130f276911889a381d3c8d4df4

    SHA1

    c4c343baf4c4e3a53f9d0279b3b8ed8529f5dfcc

    SHA256

    ca63a18d80d79d70f07316c002fc53baede211e60fba269ea89358c52a0fa394

    SHA512

    c814dcefb9140cbcdc85c79537f99a49101c053513771659544a453a792eb9373cbe3d7dd4475cad9b6785053485f383a7a7f7fc0bd1e5fad3d3ca06206c5321

  • memory/2172-69-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

  • memory/2172-76-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB

  • memory/2368-54-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2368-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

  • memory/2368-67-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB