4d69b81fc7c088aa0fbc249f7d85ac80a42c1f18b0d13371287a9daef21ec4e1

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11-07-2023 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6bf0755935ca6exeexeexeex.exe
Size

36KB
MD5

f6bf0755935ca693186e0b8b823d13c7
SHA1

b63d6b453d25e476279c51e11862eecb498b82d7
SHA256

4d69b81fc7c088aa0fbc249f7d85ac80a42c1f18b0d13371287a9daef21ec4e1
SHA512

597f8b24cbc3b2ee077f8e786e89e1420e4bbca63f6d2994299e6c677a1c20bda1aba0a9e39592241f805c3153b92ad8bfae7f62f24466abca27d6153c4f928c
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6DBJ:bIDOw9a0Dwo3P1ojvUSDBJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2320	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	f6bf0755935ca6exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2320	2396	f6bf0755935ca6exeexeexeex.exe	29
PID 2396 wrote to memory of 2320	2396	f6bf0755935ca6exeexeexeex.exe	29
PID 2396 wrote to memory of 2320	2396	f6bf0755935ca6exeexeexeex.exe	29
PID 2396 wrote to memory of 2320	2396	f6bf0755935ca6exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\f6bf0755935ca6exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f6bf0755935ca6exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
36KB

MD5
2dbbe4bb37252e18b97793d6f2a40bc0

SHA1
3b571a49a410c8a91d25c40611e8022040bef3c1

SHA256
1729038415b06a5b343c71b9ac611526fca2519a4a8d8394567b099ec8178bd3

SHA512
9af94d86fbfb94df0e277aab8bd1594cc3632e6492ae93a4efcfc6b247038f884026b82d0690779fc992b00201f517a1fc0511024ded0399f6927d1ab79ec03e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
36KB

MD5
2dbbe4bb37252e18b97793d6f2a40bc0

SHA1
3b571a49a410c8a91d25c40611e8022040bef3c1

SHA256
1729038415b06a5b343c71b9ac611526fca2519a4a8d8394567b099ec8178bd3

SHA512
9af94d86fbfb94df0e277aab8bd1594cc3632e6492ae93a4efcfc6b247038f884026b82d0690779fc992b00201f517a1fc0511024ded0399f6927d1ab79ec03e

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
36KB

MD5
2dbbe4bb37252e18b97793d6f2a40bc0

SHA1
3b571a49a410c8a91d25c40611e8022040bef3c1

SHA256
1729038415b06a5b343c71b9ac611526fca2519a4a8d8394567b099ec8178bd3

SHA512
9af94d86fbfb94df0e277aab8bd1594cc3632e6492ae93a4efcfc6b247038f884026b82d0690779fc992b00201f517a1fc0511024ded0399f6927d1ab79ec03e

Download Submit
memory/2320-68-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download
memory/2396-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2396-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download