3128ea00e03d05cac4e0e85154865d6a59b38a02f9932c1bc9bf936b7c9b7332

Analysis

max time kernel
133s
max time network
145s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/07/2023, 12:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4681be2e511519exeexe_JC.exe
Size

81KB
MD5

4681be2e511519bf6680dd9fb22e3c5a
SHA1

48ce37a7da45e82b039f409b882b0bf039256af8
SHA256

3128ea00e03d05cac4e0e85154865d6a59b38a02f9932c1bc9bf936b7c9b7332
SHA512

814a8da9f1bb6732d70c79cbab1f94a830cfacccc24f704259cf8c1bf9c21af042c61ab84225a2f86b8e8da0090b6154d952b2e7e773327029b097de58e0444f
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUXQaOKX55t3:T6a+rdOOtEvwDpjNS

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1732	4681be2e511519exeexe_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000120ed-79.dat	upx
behavioral1/memory/2684-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1732-69-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x00070000000120ed-68.dat	upx
behavioral1/files/0x00070000000120ed-65.dat	upx
behavioral1/memory/1732-54-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2684-80-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2684	1732	4681be2e511519exeexe_JC.exe	1
PID 1732 wrote to memory of 2684	1732	4681be2e511519exeexe_JC.exe	1
PID 1732 wrote to memory of 2684	1732	4681be2e511519exeexe_JC.exe	1
PID 1732 wrote to memory of 2684	1732	4681be2e511519exeexe_JC.exe	1

C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
1⤵
- Executes dropped EXE
PID:2684

C:\Users\Admin\AppData\Local\Temp\4681be2e511519exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\4681be2e511519exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
81KB

MD5
45c4c9889a09ebb90eb22d2ad60480d3

SHA1
5f5048fdea9abfa4e7f58ea88259f593a4af38e4

SHA256
0c5c7ce38d779552b1bbd5e5ff13715208c43b780956443437877bc97d42a3e6

SHA512
05ef77c010ef056d8f3c923048f9237d82f5ed4b135263eb671aadeafbf768daa727a2f60d0f3eb28b428ce7f057fb60a51a5ec1716ebfdf79b51807725ab0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
81KB

MD5
45c4c9889a09ebb90eb22d2ad60480d3

SHA1
5f5048fdea9abfa4e7f58ea88259f593a4af38e4

SHA256
0c5c7ce38d779552b1bbd5e5ff13715208c43b780956443437877bc97d42a3e6

SHA512
05ef77c010ef056d8f3c923048f9237d82f5ed4b135263eb671aadeafbf768daa727a2f60d0f3eb28b428ce7f057fb60a51a5ec1716ebfdf79b51807725ab0b0

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
81KB

MD5
45c4c9889a09ebb90eb22d2ad60480d3

SHA1
5f5048fdea9abfa4e7f58ea88259f593a4af38e4

SHA256
0c5c7ce38d779552b1bbd5e5ff13715208c43b780956443437877bc97d42a3e6

SHA512
05ef77c010ef056d8f3c923048f9237d82f5ed4b135263eb671aadeafbf768daa727a2f60d0f3eb28b428ce7f057fb60a51a5ec1716ebfdf79b51807725ab0b0

Download Submit
memory/1732-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1732-58-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1732-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/1732-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1732-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2684-73-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2684-72-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2684-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2684-80-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download