908d227b621909299287eff8ac6277727917f021b9ec649041fa9e1444e5c04b

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 16:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9c4963ae29874exeexeexeex.exe
Size

101KB
MD5

f9c4963ae2987460ff33231e545b08f1
SHA1

ee6b2b5b69910e3989e56e724e284db6915e807c
SHA256

908d227b621909299287eff8ac6277727917f021b9ec649041fa9e1444e5c04b
SHA512

0fd1a4470b4c469adb333c76d2ecdf1d57a71f47b58ebe8f74ccab70aa204f302d5ac280721432ee841d9c130bc5810793f4c3b4fbda267c1979b4a32f256bc7
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWCCyDFkWxhe0INO3:xj+VGMOtEvwDpjubwQEIie8Fkf0h3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2340	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
816	f9c4963ae29874exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 2340	816	f9c4963ae29874exeexeexeex.exe	28
PID 816 wrote to memory of 2340	816	f9c4963ae29874exeexeexeex.exe	28
PID 816 wrote to memory of 2340	816	f9c4963ae29874exeexeexeex.exe	28
PID 816 wrote to memory of 2340	816	f9c4963ae29874exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\f9c4963ae29874exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\f9c4963ae29874exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:816
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
2a4bc176d99ed16a1f92c2980f38f38f

SHA1
abac04cd2337f929288a024e11d3758b64508bd2

SHA256
919bc961e763f4da87ad80d03b19a71381932cbd9586daeba7c1a47a1bf18d7e

SHA512
ac9a6c134510b36a4eae92fada322636aaa324196c817feb5e9b8f139d790519a26fa13fa6b80b3e5e75cd3ced95d4bcdb96ff8d435674f8b98bc2bed2ec1c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
2a4bc176d99ed16a1f92c2980f38f38f

SHA1
abac04cd2337f929288a024e11d3758b64508bd2

SHA256
919bc961e763f4da87ad80d03b19a71381932cbd9586daeba7c1a47a1bf18d7e

SHA512
ac9a6c134510b36a4eae92fada322636aaa324196c817feb5e9b8f139d790519a26fa13fa6b80b3e5e75cd3ced95d4bcdb96ff8d435674f8b98bc2bed2ec1c1a

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
2a4bc176d99ed16a1f92c2980f38f38f

SHA1
abac04cd2337f929288a024e11d3758b64508bd2

SHA256
919bc961e763f4da87ad80d03b19a71381932cbd9586daeba7c1a47a1bf18d7e

SHA512
ac9a6c134510b36a4eae92fada322636aaa324196c817feb5e9b8f139d790519a26fa13fa6b80b3e5e75cd3ced95d4bcdb96ff8d435674f8b98bc2bed2ec1c1a

Download Submit
memory/816-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/816-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/816-62-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2340-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download