20d11dd9e3c833d0a19e201eb83eb8dbca41b9d962db4e5769844de934041ad3

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 18:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc87f491b88cb8exeexeexeex.exe
Size

90KB
MD5

dc87f491b88cb8ae744a0385c700ca6c
SHA1

0804cc9c784b22772f13ae5367153d9bdc5d9301
SHA256

20d11dd9e3c833d0a19e201eb83eb8dbca41b9d962db4e5769844de934041ad3
SHA512

fe0a56bf2cb86e50470011d773c4c4a25f3ad8ee467802a9eaf92fa8f037fe3d1d4af789714b18fd6c51980f7efd2215243333997475512a471e0da3c1aacafb
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWHShlkoIg:V6a+pOtEvwDpjt9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3028	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	dc87f491b88cb8exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 3028	2232	dc87f491b88cb8exeexeexeex.exe	29
PID 2232 wrote to memory of 3028	2232	dc87f491b88cb8exeexeexeex.exe	29
PID 2232 wrote to memory of 3028	2232	dc87f491b88cb8exeexeexeex.exe	29
PID 2232 wrote to memory of 3028	2232	dc87f491b88cb8exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\dc87f491b88cb8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dc87f491b88cb8exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6671eadf2cc5c054eb8f59696b459d1d

SHA1
01cce550ceecb490a1ba08819ba949298542ca70

SHA256
db9fe46371560193970fbb8e4a317a11f5e91bfa9225c36a8881aa7dc0b746e9

SHA512
a743d401a757501b2cf438bc94f056f0d2ae30e6b8d1d485ef6fb18b4b99f65c5cd461ea8fd9a19d49aadcd14f379a961a5cb4aad6be03f9cd41c8add2e2d2d1

Download Submit
memory/2232-54-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2232-55-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/3028-68-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download