a50991de2d8f36c5d30a6632806776058a0240f0ec3719e2bafc3198c031cada

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d43b2c1e242b75exeexeexeex.exe
Size

146KB
MD5

d43b2c1e242b756f34ddd7b57caaccb1
SHA1

b63ebcf71eba1f49922f40d5a9baea3c18c349b0
SHA256

a50991de2d8f36c5d30a6632806776058a0240f0ec3719e2bafc3198c031cada
SHA512

f77b369b0b3d3098c71e9978905d08228c8c161846ae75b3ed792351c040a9da44b2af0a0a5b4bf0f7633c566cc2ae9845add6777d82ce23c931717deba0d66f
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooNb:V6a+pOtEvwDpjt22H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1784	d43b2c1e242b75exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2316	1784	d43b2c1e242b75exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	d43b2c1e242b75exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	d43b2c1e242b75exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	d43b2c1e242b75exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\d43b2c1e242b75exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\d43b2c1e242b75exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
ff63b0653ffffa092e58ad562154e71e

SHA1
7f38749bb47e60266b0f833de9d58a793ba74d57

SHA256
52799494e41fb79e4e4bed9e1c6ce4dfd8672d44f1ff1302786b71709c38ae1a

SHA512
c30ab2fb04ff62ee5df3af21b734fe332bc64c0f075beda91e7e7e934b6a45aa06fff269233f8e74ff4096b1d395891bcd87131bbc48f2487319f034b9d8178a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
ff63b0653ffffa092e58ad562154e71e

SHA1
7f38749bb47e60266b0f833de9d58a793ba74d57

SHA256
52799494e41fb79e4e4bed9e1c6ce4dfd8672d44f1ff1302786b71709c38ae1a

SHA512
c30ab2fb04ff62ee5df3af21b734fe332bc64c0f075beda91e7e7e934b6a45aa06fff269233f8e74ff4096b1d395891bcd87131bbc48f2487319f034b9d8178a

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
146KB

MD5
ff63b0653ffffa092e58ad562154e71e

SHA1
7f38749bb47e60266b0f833de9d58a793ba74d57

SHA256
52799494e41fb79e4e4bed9e1c6ce4dfd8672d44f1ff1302786b71709c38ae1a

SHA512
c30ab2fb04ff62ee5df3af21b734fe332bc64c0f075beda91e7e7e934b6a45aa06fff269233f8e74ff4096b1d395891bcd87131bbc48f2487319f034b9d8178a

Download Submit
memory/1784-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1784-55-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2316-68-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download