f9cbc2da11f872f15d09ba62f0c25dc8cd7afab07e427a4368c3458307da079a

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2e50ddfa2f4bcexeexeexeex.exe
Size

75KB
MD5

d2e50ddfa2f4bc534c2bbdc61f6b407c
SHA1

def9c53471d460021ec1b52da70c6b7e86916cae
SHA256

f9cbc2da11f872f15d09ba62f0c25dc8cd7afab07e427a4368c3458307da079a
SHA512

8a89a6b021be988a982bb5b7842d99ddd9ae2a7ec1c7658fdc16eeacab3008c4c74a9a7bb67b1a978791732ec15392efd2f8c7b5bef1652520fcbc6f76b7dfee
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDSz:1nK6a+qdOOtEvwDpjB

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2564	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	d2e50ddfa2f4bcexeexeexeex.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001226e-63.dat	upx
behavioral1/memory/2396-67-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x000b00000001226e-66.dat	upx
behavioral1/files/0x000b00000001226e-75.dat	upx
behavioral1/memory/2564-76-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2564	2396	d2e50ddfa2f4bcexeexeexeex.exe	28
PID 2396 wrote to memory of 2564	2396	d2e50ddfa2f4bcexeexeexeex.exe	28
PID 2396 wrote to memory of 2564	2396	d2e50ddfa2f4bcexeexeexeex.exe	28
PID 2396 wrote to memory of 2564	2396	d2e50ddfa2f4bcexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
75KB

MD5
a5d4baa125d6fcd56fa535a14588c80f

SHA1
dc02177360b90a246314db4aa3569faa051b7cc7

SHA256
5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

SHA512
b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
75KB

MD5
a5d4baa125d6fcd56fa535a14588c80f

SHA1
dc02177360b90a246314db4aa3569faa051b7cc7

SHA256
5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

SHA512
b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
75KB

MD5
a5d4baa125d6fcd56fa535a14588c80f

SHA1
dc02177360b90a246314db4aa3569faa051b7cc7

SHA256
5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

SHA512
b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

Download Submit
memory/2396-54-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2396-55-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2396-67-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2564-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2564-76-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download