9ab5df1e491c918a9cd01d25602f1f76f173bf7ae4b16a151b34b60ea8d66f39

Analysis

max time kernel
137s
max time network
150s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13-07-2023 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ad151ebb9199exe_JC.exe
Size

75KB
MD5

04ad151ebb91999a0596e7d37a40a9db
SHA1

e438bec769a9f7bbb78ef35ae87b19ad3ff8c1cb
SHA256

9ab5df1e491c918a9cd01d25602f1f76f173bf7ae4b16a151b34b60ea8d66f39
SHA512

dbde7e17158f4b1f8c817b30f60b5c978cad0b9e3dee18be5eb08a16e12af8cea2363aad079077bbf2c2cb2e0e3848d7bd708ab78dce8235af915bbb6c94f3d9
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfVtS:vCjsIOtEvwDpj5H9YvQd26

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1148	04ad151ebb9199exe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2316	1148	04ad151ebb9199exe_JC.exe	28
PID 1148 wrote to memory of 2316	1148	04ad151ebb9199exe_JC.exe	28
PID 1148 wrote to memory of 2316	1148	04ad151ebb9199exe_JC.exe	28
PID 1148 wrote to memory of 2316	1148	04ad151ebb9199exe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\04ad151ebb9199exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\04ad151ebb9199exe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
892b32ffefe4a11cf6db62fccca9743e

SHA1
ea1db97a5239498afd178d9480d44d28f8f47f53

SHA256
086de8633a913853a724eb4da0d0030b74ed74738dbeb3c678d4f733f8ccb9b5

SHA512
fe2121c18842731af4cd7b04cf09ca28d301d1e5ea50768b45c1458c25c927c09f108d630d48c9a7bf5f3fdb812d8a7d9f8a9c66b6f63a225dc100aa81fcab72

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
892b32ffefe4a11cf6db62fccca9743e

SHA1
ea1db97a5239498afd178d9480d44d28f8f47f53

SHA256
086de8633a913853a724eb4da0d0030b74ed74738dbeb3c678d4f733f8ccb9b5

SHA512
fe2121c18842731af4cd7b04cf09ca28d301d1e5ea50768b45c1458c25c927c09f108d630d48c9a7bf5f3fdb812d8a7d9f8a9c66b6f63a225dc100aa81fcab72

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
892b32ffefe4a11cf6db62fccca9743e

SHA1
ea1db97a5239498afd178d9480d44d28f8f47f53

SHA256
086de8633a913853a724eb4da0d0030b74ed74738dbeb3c678d4f733f8ccb9b5

SHA512
fe2121c18842731af4cd7b04cf09ca28d301d1e5ea50768b45c1458c25c927c09f108d630d48c9a7bf5f3fdb812d8a7d9f8a9c66b6f63a225dc100aa81fcab72

Download Submit
memory/1148-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1148-55-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/1148-56-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2316-69-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2316-70-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download