95726c75e787534565996406f804b2da9d2eb0eb1bd81f5b8843bf1f5ace566a

Analysis

max time kernel
152s
max time network
165s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcb0cb2a3b3df1exeexeexeex.exe
Size

77KB
MD5

dcb0cb2a3b3df1bd19b39bcbc1e838aa
SHA1

d2e9a195fe6824f8e6c00fb474f1f07922f156ef
SHA256

95726c75e787534565996406f804b2da9d2eb0eb1bd81f5b8843bf1f5ace566a
SHA512

c6d483a22766e00edd7c0add3e84514ce3e81a7ca9856ed677a8f41e342dd4feebdfceb545aea9f06dc82f3edd38a2eb2cf8ef42059ae08d7cee1c09d777d82f
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJNpsAnJYqdIRhpH8SH:ZVxkGOtEvwDpjcN+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3028	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2664	dcb0cb2a3b3df1exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 3028	2664	dcb0cb2a3b3df1exeexeexeex.exe	29
PID 2664 wrote to memory of 3028	2664	dcb0cb2a3b3df1exeexeexeex.exe	29
PID 2664 wrote to memory of 3028	2664	dcb0cb2a3b3df1exeexeexeex.exe	29
PID 2664 wrote to memory of 3028	2664	dcb0cb2a3b3df1exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\dcb0cb2a3b3df1exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dcb0cb2a3b3df1exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
77KB

MD5
a4f9532d31910c9e38ee4ec2b07d7431

SHA1
d1c34f0199443044c7c3553a34df9827e22ce4c1

SHA256
08851f3c2e6a22ca12997cfe123054bfb628eaf67996350708238933cca12a30

SHA512
e233b6ec0cb1477ab9a4092955ad49a5275e6451543106c0129dfc334ef48ab49760e1299de05c796e2ff782539fb837a7258f4a60706cd8be4c26696e2d44a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
77KB

MD5
a4f9532d31910c9e38ee4ec2b07d7431

SHA1
d1c34f0199443044c7c3553a34df9827e22ce4c1

SHA256
08851f3c2e6a22ca12997cfe123054bfb628eaf67996350708238933cca12a30

SHA512
e233b6ec0cb1477ab9a4092955ad49a5275e6451543106c0129dfc334ef48ab49760e1299de05c796e2ff782539fb837a7258f4a60706cd8be4c26696e2d44a0

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
77KB

MD5
a4f9532d31910c9e38ee4ec2b07d7431

SHA1
d1c34f0199443044c7c3553a34df9827e22ce4c1

SHA256
08851f3c2e6a22ca12997cfe123054bfb628eaf67996350708238933cca12a30

SHA512
e233b6ec0cb1477ab9a4092955ad49a5275e6451543106c0129dfc334ef48ab49760e1299de05c796e2ff782539fb837a7258f4a60706cd8be4c26696e2d44a0

Download Submit
memory/2664-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2664-55-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/3028-68-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/3028-75-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/3028-76-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download