aba0f0ea5d5e61b5f00e3fc89a0e2d7b35818ba95d01757ce67b32a54960d6c1

Analysis

max time kernel
147s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11-07-2023 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f549d968bc3046exeexeexeex.exe
Size

26KB
MD5

f549d968bc30461f01763ced3259d8e1
SHA1

d2b492915e8cfc4ff703fbd8a8f9d745b1fe0d7d
SHA256

aba0f0ea5d5e61b5f00e3fc89a0e2d7b35818ba95d01757ce67b32a54960d6c1
SHA512

71290cb1a310220f2e6a51e1f9f763b488d78dcbb66f90d9cc252dcd8a2ed9ae9bd9f6f16ca250de8f2386c5946ac20847ac6779d3747c50eef5f0d9768e69e7
SSDEEP

384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4YeNI8WxD:bIDOw9UiaCHfjnMNjGD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
1784	f549d968bc3046exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2316	1784	f549d968bc3046exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	f549d968bc3046exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	f549d968bc3046exeexeexeex.exe	28
PID 1784 wrote to memory of 2316	1784	f549d968bc3046exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\f549d968bc3046exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f549d968bc3046exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
25aad8837590b831f7d9446c0c10c741

SHA1
dfeb230c0c90120040ef4caca48fc7c9092b8b1a

SHA256
e592a50b9b0f2cf150b8e94158ef9ed46d00278b9cc0002cb3867957a7fb7e21

SHA512
98732f5622b3a7139207da70b9ac4fe427ca46e52d797dae1ce3d1ac825b5bb53287b9853da74b083c516767da4f98ee259b060ff4049a84dfe843d03d8e53c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
25aad8837590b831f7d9446c0c10c741

SHA1
dfeb230c0c90120040ef4caca48fc7c9092b8b1a

SHA256
e592a50b9b0f2cf150b8e94158ef9ed46d00278b9cc0002cb3867957a7fb7e21

SHA512
98732f5622b3a7139207da70b9ac4fe427ca46e52d797dae1ce3d1ac825b5bb53287b9853da74b083c516767da4f98ee259b060ff4049a84dfe843d03d8e53c3

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
25aad8837590b831f7d9446c0c10c741

SHA1
dfeb230c0c90120040ef4caca48fc7c9092b8b1a

SHA256
e592a50b9b0f2cf150b8e94158ef9ed46d00278b9cc0002cb3867957a7fb7e21

SHA512
98732f5622b3a7139207da70b9ac4fe427ca46e52d797dae1ce3d1ac825b5bb53287b9853da74b083c516767da4f98ee259b060ff4049a84dfe843d03d8e53c3

Download Submit
memory/1784-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1784-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2316-68-0x0000000000830000-0x0000000000836000-memory.dmp

Filesize
24KB

Download