2f5622e67611fe6423897010d59758773d994d7b587f1ba098bd9148cb7a1493

Analysis

max time kernel
147s
max time network
149s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 17:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d487da39a0c300exeexeexeex.exe
Size

63KB
MD5

d487da39a0c300e49109df3f3acd76b2
SHA1

2abb4c3b22eeb2079c250b9bc5192e4943dc9b8f
SHA256

2f5622e67611fe6423897010d59758773d994d7b587f1ba098bd9148cb7a1493
SHA512

d57d8fcb5892cc5cc46d543b1af069f8dfecb9ba2f20e5bd4b26a031bbe5a3d61699c0ebe4439c6785ad9e06b280a7f8b83740a18a50c5483693e3df53784d30
SSDEEP

1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAetiD:z6a+CdOOtEvwDpjQe

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2304	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1312	d487da39a0c300exeexeexeex.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001227a-63.dat	upx
behavioral1/memory/1312-66-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b00000001227a-67.dat	upx
behavioral1/files/0x000b00000001227a-75.dat	upx
behavioral1/memory/2304-76-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 2304	1312	d487da39a0c300exeexeexeex.exe	29
PID 1312 wrote to memory of 2304	1312	d487da39a0c300exeexeexeex.exe	29
PID 1312 wrote to memory of 2304	1312	d487da39a0c300exeexeexeex.exe	29
PID 1312 wrote to memory of 2304	1312	d487da39a0c300exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\d487da39a0c300exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\d487da39a0c300exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
63KB

MD5
84e725dc0a0aeae0447b499d5dd015f1

SHA1
0215e3a4fc570ca65b251752b822e2ccde41b94b

SHA256
ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

SHA512
c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
63KB

MD5
84e725dc0a0aeae0447b499d5dd015f1

SHA1
0215e3a4fc570ca65b251752b822e2ccde41b94b

SHA256
ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

SHA512
c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
63KB

MD5
84e725dc0a0aeae0447b499d5dd015f1

SHA1
0215e3a4fc570ca65b251752b822e2ccde41b94b

SHA256
ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

SHA512
c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

Download Submit
memory/1312-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1312-55-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1312-66-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2304-69-0x00000000002E0000-0x00000000002E6000-memory.dmp

Filesize
24KB

Download
memory/2304-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download