839ad830c82778445fe05f2a5a75283c3fa00c6c08d4e1a91260240c5b7c9685

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 13:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f6b746ad96ae7aexeexeexeex.exe
Size

58KB
MD5

f6b746ad96ae7a5567e5e035c9a00a7e
SHA1

05f697b29a49f782dcf7dedd81f361206068ca64
SHA256

839ad830c82778445fe05f2a5a75283c3fa00c6c08d4e1a91260240c5b7c9685
SHA512

ae7b44cea357c03c414b8f0fc51795788eca42aa2bb8b3a768a27624387663bce22d04072c31c721666be35c93a4f0605c7e72b2ee59043cedf17ebf6481856a
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylcbgMv6zcN81:79mqyNhQMOtEvwDpjBPY7xv3g1MvkO81

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
472	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	f6b746ad96ae7aexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 472	2800	f6b746ad96ae7aexeexeexeex.exe	27
PID 2800 wrote to memory of 472	2800	f6b746ad96ae7aexeexeexeex.exe	27
PID 2800 wrote to memory of 472	2800	f6b746ad96ae7aexeexeexeex.exe	27
PID 2800 wrote to memory of 472	2800	f6b746ad96ae7aexeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\f6b746ad96ae7aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f6b746ad96ae7aexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
e415363b208c6b0a575d5cd5a0774736

SHA1
1b3f8ca148c4c46817efc919e8a26bb74abd1612

SHA256
f10a3422319ee1fdbce4d20e38aecbfef4288ceafcd19c42f8f48c3c3dced102

SHA512
851e42b7cd8e1ccd706a0d1951c25d6ae22ab1c1a425b1589d5803a78dea7a6e65c3be01dfd553ce5dabb1edc906d3dd531f32f734268dda82342cab5d428c1e

Download Submit
memory/472-69-0x00000000002E0000-0x00000000002E6000-memory.dmp

Filesize
24KB

Download
memory/472-76-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2800-54-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2800-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2800-67-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download