3a121f05f63c8593bc348f091d6a320b8fb7092ac7da21dc8d8639e9fa6a9479

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11-07-2023 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e38f80fef9369cexeexeexeex.exe
Size

48KB
MD5

e38f80fef9369cd0851989bd0b2db194
SHA1

e3de5f3debe4081a782424f04c6afc13275db2ab
SHA256

3a121f05f63c8593bc348f091d6a320b8fb7092ac7da21dc8d8639e9fa6a9479
SHA512

a5747a95640b33977f8907b092f4facf7d2d11634c96090fd0557453ff841e9d28729995f7cbd14fe46d2f05d9112c526bfaf3908f050b006c0c4b70a60af727
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIEIDKlPoph:bIDOw9a0DwitDwIzDKlPoph

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2300	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2060	e38f80fef9369cexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2300	2060	e38f80fef9369cexeexeexeex.exe	29
PID 2060 wrote to memory of 2300	2060	e38f80fef9369cexeexeexeex.exe	29
PID 2060 wrote to memory of 2300	2060	e38f80fef9369cexeexeexeex.exe	29
PID 2060 wrote to memory of 2300	2060	e38f80fef9369cexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\e38f80fef9369cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\e38f80fef9369cexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
48KB

MD5
30f0b0226650bb24786cd8c4e6e2025c

SHA1
f2adc7a1dd197a92ea622c67ec487f83b41f49d0

SHA256
c018a8c73033807b08f5908a6cf4084f74665ed76c10312018f8600a02b9351f

SHA512
4d5a19accf36ec67b06e49195268ef9254ce7b8c31864c3a5bb129b34aa0449764fc5985e072c6cb24ad0c71f994905a6ac5932ff1caaa7ae12a101aff4a3d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
48KB

MD5
30f0b0226650bb24786cd8c4e6e2025c

SHA1
f2adc7a1dd197a92ea622c67ec487f83b41f49d0

SHA256
c018a8c73033807b08f5908a6cf4084f74665ed76c10312018f8600a02b9351f

SHA512
4d5a19accf36ec67b06e49195268ef9254ce7b8c31864c3a5bb129b34aa0449764fc5985e072c6cb24ad0c71f994905a6ac5932ff1caaa7ae12a101aff4a3d12

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
48KB

MD5
30f0b0226650bb24786cd8c4e6e2025c

SHA1
f2adc7a1dd197a92ea622c67ec487f83b41f49d0

SHA256
c018a8c73033807b08f5908a6cf4084f74665ed76c10312018f8600a02b9351f

SHA512
4d5a19accf36ec67b06e49195268ef9254ce7b8c31864c3a5bb129b34aa0449764fc5985e072c6cb24ad0c71f994905a6ac5932ff1caaa7ae12a101aff4a3d12

Download Submit
memory/2060-54-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2060-55-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2300-68-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download