Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/07/2023, 16:18

General

  • Target

    d2e50ddfa2f4bcexeexeexeex.exe

  • Size

    75KB

  • MD5

    d2e50ddfa2f4bc534c2bbdc61f6b407c

  • SHA1

    def9c53471d460021ec1b52da70c6b7e86916cae

  • SHA256

    f9cbc2da11f872f15d09ba62f0c25dc8cd7afab07e427a4368c3458307da079a

  • SHA512

    8a89a6b021be988a982bb5b7842d99ddd9ae2a7ec1c7658fdc16eeacab3008c4c74a9a7bb67b1a978791732ec15392efd2f8c7b5bef1652520fcbc6f76b7dfee

  • SSDEEP

    1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDSz:1nK6a+qdOOtEvwDpjB

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2564

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    75KB

    MD5

    a5d4baa125d6fcd56fa535a14588c80f

    SHA1

    dc02177360b90a246314db4aa3569faa051b7cc7

    SHA256

    5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

    SHA512

    b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    75KB

    MD5

    a5d4baa125d6fcd56fa535a14588c80f

    SHA1

    dc02177360b90a246314db4aa3569faa051b7cc7

    SHA256

    5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

    SHA512

    b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

  • memory/2396-54-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

  • memory/2396-55-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

  • memory/2396-67-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB

  • memory/2564-69-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

  • memory/2564-76-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB