Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system -
submitted
10/07/2023, 16:18
Behavioral task
behavioral1
Sample
d2e50ddfa2f4bcexeexeexeex.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
d2e50ddfa2f4bcexeexeexeex.exe
Resource
win10v2004-20230703-en
General
-
Target
d2e50ddfa2f4bcexeexeexeex.exe
-
Size
75KB
-
MD5
d2e50ddfa2f4bc534c2bbdc61f6b407c
-
SHA1
def9c53471d460021ec1b52da70c6b7e86916cae
-
SHA256
f9cbc2da11f872f15d09ba62f0c25dc8cd7afab07e427a4368c3458307da079a
-
SHA512
8a89a6b021be988a982bb5b7842d99ddd9ae2a7ec1c7658fdc16eeacab3008c4c74a9a7bb67b1a978791732ec15392efd2f8c7b5bef1652520fcbc6f76b7dfee
-
SSDEEP
1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDSz:1nK6a+qdOOtEvwDpjB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2564 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2396 d2e50ddfa2f4bcexeexeexeex.exe -
resource yara_rule behavioral1/files/0x000b00000001226e-63.dat upx behavioral1/memory/2396-67-0x0000000000500000-0x000000000050F311-memory.dmp upx behavioral1/files/0x000b00000001226e-66.dat upx behavioral1/files/0x000b00000001226e-75.dat upx behavioral1/memory/2564-76-0x0000000000500000-0x000000000050F311-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2396 wrote to memory of 2564 2396 d2e50ddfa2f4bcexeexeexeex.exe 28 PID 2396 wrote to memory of 2564 2396 d2e50ddfa2f4bcexeexeexeex.exe 28 PID 2396 wrote to memory of 2564 2396 d2e50ddfa2f4bcexeexeexeex.exe 28 PID 2396 wrote to memory of 2564 2396 d2e50ddfa2f4bcexeexeexeex.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2564
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
75KB
MD5a5d4baa125d6fcd56fa535a14588c80f
SHA1dc02177360b90a246314db4aa3569faa051b7cc7
SHA2565b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6
SHA512b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138
-
Filesize
75KB
MD5a5d4baa125d6fcd56fa535a14588c80f
SHA1dc02177360b90a246314db4aa3569faa051b7cc7
SHA2565b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6
SHA512b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138
-
Filesize
75KB
MD5a5d4baa125d6fcd56fa535a14588c80f
SHA1dc02177360b90a246314db4aa3569faa051b7cc7
SHA2565b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6
SHA512b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138