365918ff7a1b9173659d38365bac8dd4e8c3192fda2d66228a6ae8aa048b712c

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 08:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0489a66e4facfexeexeexeex.exe
Size

110KB
MD5

f0489a66e4facfabaa4a2390f7587a74
SHA1

00b3e7efa615dd226e1308ffd2961f6ee32035f7
SHA256

365918ff7a1b9173659d38365bac8dd4e8c3192fda2d66228a6ae8aa048b712c
SHA512

f4cb4410b2e1272d08d6ba90582af97b868ab24914f0761306f9c259a0f8d2ede4b7f39473c0e4d1c7df7ced10ec71a2d89d78e4bb3303a82e6eb815e555778e
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjCGYQbN/PKwNuj2GQivv:T6a+rdOOtEvwDpjLzY

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
828	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
364	f0489a66e4facfexeexeexeex.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012115-63.dat	upx
behavioral1/files/0x000c000000012115-65.dat	upx
behavioral1/memory/364-68-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000c000000012115-75.dat	upx
behavioral1/memory/828-76-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 828	364	f0489a66e4facfexeexeexeex.exe	29
PID 364 wrote to memory of 828	364	f0489a66e4facfexeexeexeex.exe	29
PID 364 wrote to memory of 828	364	f0489a66e4facfexeexeexeex.exe	29
PID 364 wrote to memory of 828	364	f0489a66e4facfexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\f0489a66e4facfexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f0489a66e4facfexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:364
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
111KB

MD5
691a298f33c9b82090cbca7215b7b398

SHA1
2de187563787af0dc991a7ee90d8d0d025bba6a7

SHA256
fbf07813e1c6f51d42ff8e3519ca6e7fb9397f31b30dfbddf271332851c8e7bd

SHA512
1d0eafbbc27446f5b35d86da546bb662641bdef827d4566556a4cb2cde7e7ea90d7bf093c5299b750564642fb6556892d4dd295fc5a9f335108f83d9b627b1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
111KB

MD5
691a298f33c9b82090cbca7215b7b398

SHA1
2de187563787af0dc991a7ee90d8d0d025bba6a7

SHA256
fbf07813e1c6f51d42ff8e3519ca6e7fb9397f31b30dfbddf271332851c8e7bd

SHA512
1d0eafbbc27446f5b35d86da546bb662641bdef827d4566556a4cb2cde7e7ea90d7bf093c5299b750564642fb6556892d4dd295fc5a9f335108f83d9b627b1f9

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
111KB

MD5
691a298f33c9b82090cbca7215b7b398

SHA1
2de187563787af0dc991a7ee90d8d0d025bba6a7

SHA256
fbf07813e1c6f51d42ff8e3519ca6e7fb9397f31b30dfbddf271332851c8e7bd

SHA512
1d0eafbbc27446f5b35d86da546bb662641bdef827d4566556a4cb2cde7e7ea90d7bf093c5299b750564642fb6556892d4dd295fc5a9f335108f83d9b627b1f9

Download Submit
memory/364-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/364-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/364-68-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/828-69-0x0000000000520000-0x0000000000526000-memory.dmp

Filesize
24KB

Download
memory/828-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download