3d05e405aa91b4d9718e78bb194155362bb80ef6b91ab473687ad6e03b7eb987

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14/07/2023, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2586fc82a94544exeexe_JC.exe
Size

139KB
MD5

2586fc82a94544de3ddddacc0a85d245
SHA1

810002b6379ff9b3ca48629c5c2290ae08e658e6
SHA256

3d05e405aa91b4d9718e78bb194155362bb80ef6b91ab473687ad6e03b7eb987
SHA512

04afc7a9a2e30cedaab420a24338cb76a4c83ec25214ba4156485db63ac52815f21d7efe839b84b7aa2b8323787d3198191bc9216b4c6bc19934cc5258d610a5
SSDEEP

1536:z6QFElP6n+gKmddpMOtEvwDpj3GYQbN/PKwNgp699Gjr0xow:z6a+CdOOtEvwDpjczD

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2484	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1920	2586fc82a94544exeexe_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-53-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000f00000001201d-64.dat	upx
behavioral1/memory/1920-67-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2484-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000f00000001201d-69.dat	upx
behavioral1/files/0x000f00000001201d-79.dat	upx
behavioral1/memory/2484-81-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2484	1920	2586fc82a94544exeexe_JC.exe	28
PID 1920 wrote to memory of 2484	1920	2586fc82a94544exeexe_JC.exe	28
PID 1920 wrote to memory of 2484	1920	2586fc82a94544exeexe_JC.exe	28
PID 1920 wrote to memory of 2484	1920	2586fc82a94544exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2586fc82a94544exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2586fc82a94544exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
139KB

MD5
162b5c092c23f61d75da5ea1fbf5a032

SHA1
f337885dea9ac736a639ff745c09ffd6673afc1c

SHA256
53df1dd1ef058256ec9fb8935d63385c03ecf431a5ba6c7f080a374c89ed1cf2

SHA512
40fa98d0438913c8aaec8fce9904d4bef38f1f59087438cc1776fd8fa335016ec27bb900f7cc4a9193f50725d6c82088449c9e51d2f9bf83ce2961976680a4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
139KB

MD5
162b5c092c23f61d75da5ea1fbf5a032

SHA1
f337885dea9ac736a639ff745c09ffd6673afc1c

SHA256
53df1dd1ef058256ec9fb8935d63385c03ecf431a5ba6c7f080a374c89ed1cf2

SHA512
40fa98d0438913c8aaec8fce9904d4bef38f1f59087438cc1776fd8fa335016ec27bb900f7cc4a9193f50725d6c82088449c9e51d2f9bf83ce2961976680a4d3

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
139KB

MD5
162b5c092c23f61d75da5ea1fbf5a032

SHA1
f337885dea9ac736a639ff745c09ffd6673afc1c

SHA256
53df1dd1ef058256ec9fb8935d63385c03ecf431a5ba6c7f080a374c89ed1cf2

SHA512
40fa98d0438913c8aaec8fce9904d4bef38f1f59087438cc1776fd8fa335016ec27bb900f7cc4a9193f50725d6c82088449c9e51d2f9bf83ce2961976680a4d3

Download Submit
memory/1920-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1920-56-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1920-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1920-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1920-53-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1920-68-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/1920-80-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/2484-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2484-73-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2484-72-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2484-81-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download