a3a5b50e08848f901368655c35e8461b0e086e72f47e9c96edee87264ad33239

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 17:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d6dcedbf01b784exeexeexeex.exe
Size

78KB
MD5

d6dcedbf01b7848d0dcadf42fc9c02a8
SHA1

a3dbf7cd0a6c1f6cf564918f26a8f460b4a57d28
SHA256

a3a5b50e08848f901368655c35e8461b0e086e72f47e9c96edee87264ad33239
SHA512

0261578a2e93eab106f31e5edda39cd583f13e775f8a9277c924f97b61f1951a0539c1021bba75086d22fe58657ed7f8d44875f4de4bda5e25b85e40f4dea8d6
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/Rs580gnW:ZVxkGOtEvwDpjcy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1596	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1384	d6dcedbf01b784exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1596	1384	d6dcedbf01b784exeexeexeex.exe	28
PID 1384 wrote to memory of 1596	1384	d6dcedbf01b784exeexeexeex.exe	28
PID 1384 wrote to memory of 1596	1384	d6dcedbf01b784exeexeexeex.exe	28
PID 1384 wrote to memory of 1596	1384	d6dcedbf01b784exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\d6dcedbf01b784exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\d6dcedbf01b784exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
1513a40271751f20722048f08eb3dde4

SHA1
8e79eb21abef673e7ac2148227b9050ebb2f0223

SHA256
657426ede4c9edaa073cad6591ed607f03dca6a6e02a19b8c39aea5faf8f2ba3

SHA512
2415c76a27ce4db604b6fe4b6662f219b9bcb50e452a2d48c0ebb109332aff4ac1587586b8d8eaab10dbf824b6553cdae7da7d9724718329bd7b26fa60960a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
1513a40271751f20722048f08eb3dde4

SHA1
8e79eb21abef673e7ac2148227b9050ebb2f0223

SHA256
657426ede4c9edaa073cad6591ed607f03dca6a6e02a19b8c39aea5faf8f2ba3

SHA512
2415c76a27ce4db604b6fe4b6662f219b9bcb50e452a2d48c0ebb109332aff4ac1587586b8d8eaab10dbf824b6553cdae7da7d9724718329bd7b26fa60960a0e

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
1513a40271751f20722048f08eb3dde4

SHA1
8e79eb21abef673e7ac2148227b9050ebb2f0223

SHA256
657426ede4c9edaa073cad6591ed607f03dca6a6e02a19b8c39aea5faf8f2ba3

SHA512
2415c76a27ce4db604b6fe4b6662f219b9bcb50e452a2d48c0ebb109332aff4ac1587586b8d8eaab10dbf824b6553cdae7da7d9724718329bd7b26fa60960a0e

Download Submit
memory/1384-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1384-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1596-68-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/1596-75-0x0000000000230000-0x00000000002B0000-memory.dmp

Filesize
512KB

Download