9e639037f1c75060bcf239909486a264f526b78fd9b931bf5e03001ebf6cc2b3

Analysis

max time kernel
133s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-07-2023 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e7f83f41039a0exeexe_JC.exe
Size

100KB
MD5

3e7f83f41039a03fc9c12d2542c5ff3e
SHA1

43ca10ceb5fc2294d613679f884e916ae8862b62
SHA256

9e639037f1c75060bcf239909486a264f526b78fd9b931bf5e03001ebf6cc2b3
SHA512

b35c3a91e030146e0ad87917be890d4111767217ed54285bc81eb1bf9e6926d954fa40706ea32347106c083fc9dc6f85eaf8f6cab15a73137eea36dd8fee1f54
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalRn5iF1j6GF:1nK6a+qdOOtEvwDpjF

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1720	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1212	3e7f83f41039a0exeexe_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1212-54-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x00080000000120e6-65.dat	upx
behavioral1/memory/1212-69-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/memory/1720-72-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x00080000000120e6-70.dat	upx
behavioral1/files/0x00080000000120e6-80.dat	upx
behavioral1/memory/1720-82-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1720	1212	3e7f83f41039a0exeexe_JC.exe	28
PID 1212 wrote to memory of 1720	1212	3e7f83f41039a0exeexe_JC.exe	28
PID 1212 wrote to memory of 1720	1212	3e7f83f41039a0exeexe_JC.exe	28
PID 1212 wrote to memory of 1720	1212	3e7f83f41039a0exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\3e7f83f41039a0exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\3e7f83f41039a0exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
30b670692a2f19858f66c3bd2a69a968

SHA1
9dc2f9717a77ba1b2619c73e778b8d0703be4886

SHA256
701d7051c4fadb84cbd39ac290b5eaede72279590797e2e04241c95316cea58e

SHA512
4944923d840afa12425508320fab6d9af4fe7880d4cfd35effa2bc08878581b6703852e18a9776a40e63435e638c28c713a60cad0e6419a500e05fa4d40c03c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
30b670692a2f19858f66c3bd2a69a968

SHA1
9dc2f9717a77ba1b2619c73e778b8d0703be4886

SHA256
701d7051c4fadb84cbd39ac290b5eaede72279590797e2e04241c95316cea58e

SHA512
4944923d840afa12425508320fab6d9af4fe7880d4cfd35effa2bc08878581b6703852e18a9776a40e63435e638c28c713a60cad0e6419a500e05fa4d40c03c3

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
30b670692a2f19858f66c3bd2a69a968

SHA1
9dc2f9717a77ba1b2619c73e778b8d0703be4886

SHA256
701d7051c4fadb84cbd39ac290b5eaede72279590797e2e04241c95316cea58e

SHA512
4944923d840afa12425508320fab6d9af4fe7880d4cfd35effa2bc08878581b6703852e18a9776a40e63435e638c28c713a60cad0e6419a500e05fa4d40c03c3

Download Submit
memory/1212-68-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/1212-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1212-69-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/1212-54-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/1212-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/1212-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1212-81-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/1720-72-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/1720-73-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1720-74-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1720-82-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download