4967657df699ed51835bbe8b0e6684dc82dde20fa32f4752fb1fb2ee4abfe6f7

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce922f19480288exeexeexeex.exe
Size

87KB
MD5

ce922f1948028873168efca983000340
SHA1

668b39dcccf531a34b98d158eb1fe9fa5a5bef6b
SHA256

4967657df699ed51835bbe8b0e6684dc82dde20fa32f4752fb1fb2ee4abfe6f7
SHA512

c39d81e94e7afd7cb60173d5488ef11d199ad0b714084db80df6ab2d52d9a2d5df7a66f1e029dc381c7ac315561e28bc29b35d04b666aed3af9f9bb15c431f61
SSDEEP

1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNieRpUS6:vCjsIOtEvwDpj5H8zPR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1984	ce922f19480288exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2360	1984	ce922f19480288exeexeexeex.exe	27
PID 1984 wrote to memory of 2360	1984	ce922f19480288exeexeexeex.exe	27
PID 1984 wrote to memory of 2360	1984	ce922f19480288exeexeexeex.exe	27
PID 1984 wrote to memory of 2360	1984	ce922f19480288exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\ce922f19480288exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\ce922f19480288exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
04f7bc9f38427385982c9d30216a5634

SHA1
64d70d3057dca167c7877c65fb18f869236853e6

SHA256
4834d33a51be99db40b5a86218ebf8b4c5c1d6a2956a7fc606c8df46e4f730d9

SHA512
670b7401e39d36f884fa5f99b77544b369ed567d9b3d076e28fb60515fb95b34734fe3b5da8acbbb5f4f9e76832aed9d5bbdb00245ab7b7f6c40336096397fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
04f7bc9f38427385982c9d30216a5634

SHA1
64d70d3057dca167c7877c65fb18f869236853e6

SHA256
4834d33a51be99db40b5a86218ebf8b4c5c1d6a2956a7fc606c8df46e4f730d9

SHA512
670b7401e39d36f884fa5f99b77544b369ed567d9b3d076e28fb60515fb95b34734fe3b5da8acbbb5f4f9e76832aed9d5bbdb00245ab7b7f6c40336096397fa8

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
04f7bc9f38427385982c9d30216a5634

SHA1
64d70d3057dca167c7877c65fb18f869236853e6

SHA256
4834d33a51be99db40b5a86218ebf8b4c5c1d6a2956a7fc606c8df46e4f730d9

SHA512
670b7401e39d36f884fa5f99b77544b369ed567d9b3d076e28fb60515fb95b34734fe3b5da8acbbb5f4f9e76832aed9d5bbdb00245ab7b7f6c40336096397fa8

Download Submit
memory/1984-54-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/1984-55-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2360-68-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download