984ddc05b247b982d5ef1176f607fedb65dd31f758d3b1bf9de7f578c0b9b88b

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10/07/2023, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dccde9f5c81ae8exeexeexeex.exe
Size

37KB
MD5

dccde9f5c81ae8aab39c8e8ca82ca75c
SHA1

b1b5bfa0b4de7c041343e327aac5abb6af6159b1
SHA256

984ddc05b247b982d5ef1176f607fedb65dd31f758d3b1bf9de7f578c0b9b88b
SHA512

3d833de070ad15c04cb08413c38e1126ef1953e2ee2dfb0560ddeb46307bfcf0886acf9dd1f03f7f824f3441cb1a11661a50839dd64300d0eb4ffb13c9a27b5e
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72kmGYjllMB:bgX4zYcgTEu6QOaryfjqDlC7rYZlMB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1112	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3008	dccde9f5c81ae8exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1112	3008	dccde9f5c81ae8exeexeexeex.exe	29
PID 3008 wrote to memory of 1112	3008	dccde9f5c81ae8exeexeexeex.exe	29
PID 3008 wrote to memory of 1112	3008	dccde9f5c81ae8exeexeexeex.exe	29
PID 3008 wrote to memory of 1112	3008	dccde9f5c81ae8exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\dccde9f5c81ae8exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dccde9f5c81ae8exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:1112

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ceb8bf9b1ed3a86725c99440206a0d17

SHA1
157580d87f6d1f70924da8fbdf7c77ba95ec0445

SHA256
1a56571c9d276aa0d1e68bab0f157e4a17e124ae58520d92121d659092af7a70

SHA512
7f39ffe74b3b5cb2fda26eae174ecd49168c2b03637e8500a96600a0a6877905b115292ebfb2a44af03e2de94554785ec2f5df9e02f740e68f838f9de0aabe62

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ceb8bf9b1ed3a86725c99440206a0d17

SHA1
157580d87f6d1f70924da8fbdf7c77ba95ec0445

SHA256
1a56571c9d276aa0d1e68bab0f157e4a17e124ae58520d92121d659092af7a70

SHA512
7f39ffe74b3b5cb2fda26eae174ecd49168c2b03637e8500a96600a0a6877905b115292ebfb2a44af03e2de94554785ec2f5df9e02f740e68f838f9de0aabe62

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
ceb8bf9b1ed3a86725c99440206a0d17

SHA1
157580d87f6d1f70924da8fbdf7c77ba95ec0445

SHA256
1a56571c9d276aa0d1e68bab0f157e4a17e124ae58520d92121d659092af7a70

SHA512
7f39ffe74b3b5cb2fda26eae174ecd49168c2b03637e8500a96600a0a6877905b115292ebfb2a44af03e2de94554785ec2f5df9e02f740e68f838f9de0aabe62

Download Submit
memory/1112-68-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/3008-54-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/3008-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download