85c3d0ceacc80b183032ab30799dc7ab53a3ebd895d56574db3fcb4c98d62032

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8a3cd060f1c7bexeexeexeex.exe
Size

26KB
MD5

f8a3cd060f1c7bcd9bcd16e0c584a343
SHA1

85e957e9389e6169c46ea0412d11dc49206e9da0
SHA256

85c3d0ceacc80b183032ab30799dc7ab53a3ebd895d56574db3fcb4c98d62032
SHA512

ba2b5b0a884d6f53d267b715ee361cd8861ae4325fe2cc0baf418bcf4a32cfb1b1dd84c937d59887ad3b04178b1d28cf69047cd800bcbde0290479fef4822ee6
SSDEEP

384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4YeNI8WD:bIDOw9UiaCHfjnMNjw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
836	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	f8a3cd060f1c7bexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 836	2296	f8a3cd060f1c7bexeexeexeex.exe	29
PID 2296 wrote to memory of 836	2296	f8a3cd060f1c7bexeexeexeex.exe	29
PID 2296 wrote to memory of 836	2296	f8a3cd060f1c7bexeexeexeex.exe	29
PID 2296 wrote to memory of 836	2296	f8a3cd060f1c7bexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\f8a3cd060f1c7bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f8a3cd060f1c7bexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
a0072f380e12c86d9746ea469ec0c711

SHA1
98ed77dabe3959262f3ea12d678c6871c3a5a041

SHA256
a19285262db24d3d91719dbe7e566be832a8a4f4640c564eed71b4e727a4d983

SHA512
88d35b5f67a17d413697a8bbc100c1f0d95977bbb7e6be68a0312c43592a8268494c13667e7e55f280aaa950b6917b8fdf118bc3b9368d547431a711cc542201

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
a0072f380e12c86d9746ea469ec0c711

SHA1
98ed77dabe3959262f3ea12d678c6871c3a5a041

SHA256
a19285262db24d3d91719dbe7e566be832a8a4f4640c564eed71b4e727a4d983

SHA512
88d35b5f67a17d413697a8bbc100c1f0d95977bbb7e6be68a0312c43592a8268494c13667e7e55f280aaa950b6917b8fdf118bc3b9368d547431a711cc542201

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
26KB

MD5
a0072f380e12c86d9746ea469ec0c711

SHA1
98ed77dabe3959262f3ea12d678c6871c3a5a041

SHA256
a19285262db24d3d91719dbe7e566be832a8a4f4640c564eed71b4e727a4d983

SHA512
88d35b5f67a17d413697a8bbc100c1f0d95977bbb7e6be68a0312c43592a8268494c13667e7e55f280aaa950b6917b8fdf118bc3b9368d547431a711cc542201

Download Submit
memory/836-68-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2296-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2296-55-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download