fcc332cf3d72a4ea289e41029429587317364aa000f4dc9978325faad4364ccb

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-07-2023 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cc85d8e2a1911exe_JC.exe
Size

30KB
MD5

1cc85d8e2a1911f4f779ec4456f229ad
SHA1

bcc00005cf65579ddedcc768511f6722d548a0b0
SHA256

fcc332cf3d72a4ea289e41029429587317364aa000f4dc9978325faad4364ccb
SHA512

f760e5654e11ccd2865d01b0230b3ac115777fb3d220eadf768c54692e4ef9bd818ece9e29c3ad8bcc7bd35bff8a71689f31601632dbed28531f24a453feaf2c
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUk0nL9aU:bgX4zYcgTEu6QOaryfjUnLh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2800	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	1cc85d8e2a1911exe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2800	2184	1cc85d8e2a1911exe_JC.exe	28
PID 2184 wrote to memory of 2800	2184	1cc85d8e2a1911exe_JC.exe	28
PID 2184 wrote to memory of 2800	2184	1cc85d8e2a1911exe_JC.exe	28
PID 2184 wrote to memory of 2800	2184	1cc85d8e2a1911exe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\1cc85d8e2a1911exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\1cc85d8e2a1911exe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
30KB

MD5
4cd545ef04631342be56829e8bf6578d

SHA1
3eae6df1d3fece46d2994c1683a83b324ee5ea41

SHA256
dfd84f18903d4654e5f5ffab347f54fd1964e92d44f0b73020910e6673f2a3b9

SHA512
6c32f7a3573a1892b7ddf5e48b7e0140abd3cac1bb5160ce51d0246c07b14b94c6b4b38a43369c4069827df48e7af92760ce51ef9eb96e68676d6858f32a0d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
30KB

MD5
4cd545ef04631342be56829e8bf6578d

SHA1
3eae6df1d3fece46d2994c1683a83b324ee5ea41

SHA256
dfd84f18903d4654e5f5ffab347f54fd1964e92d44f0b73020910e6673f2a3b9

SHA512
6c32f7a3573a1892b7ddf5e48b7e0140abd3cac1bb5160ce51d0246c07b14b94c6b4b38a43369c4069827df48e7af92760ce51ef9eb96e68676d6858f32a0d20

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
30KB

MD5
4cd545ef04631342be56829e8bf6578d

SHA1
3eae6df1d3fece46d2994c1683a83b324ee5ea41

SHA256
dfd84f18903d4654e5f5ffab347f54fd1964e92d44f0b73020910e6673f2a3b9

SHA512
6c32f7a3573a1892b7ddf5e48b7e0140abd3cac1bb5160ce51d0246c07b14b94c6b4b38a43369c4069827df48e7af92760ce51ef9eb96e68676d6858f32a0d20

Download Submit
memory/2184-54-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2184-56-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2184-55-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/2800-70-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2800-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download