9b57bfde616d3b16a555f75e5ccdf01522f5f15a176aaffc2dac72f8d40afe67

Analysis

max time kernel
141s
max time network
151s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/07/2023, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46fc7dbfbfc689exeexe_JC.exe
Size

75KB
MD5

46fc7dbfbfc6894483495ed6c1c03dfa
SHA1

1eb147f1822cdf52346c8ca12584942712760604
SHA256

9b57bfde616d3b16a555f75e5ccdf01522f5f15a176aaffc2dac72f8d40afe67
SHA512

fb0e35b84d2378e2f079740930bdfe8ed9b07317e348bb1f0f4c5873e4459b19b3610a844840267c626a8e96dc1e8e97c7b57bdd092b8fc6b8b4ee683f7e5334
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfVtd:vCjsIOtEvwDpj5H9YvQd21

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2036	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2604	46fc7dbfbfc689exeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2036	2604	46fc7dbfbfc689exeexe_JC.exe	28
PID 2604 wrote to memory of 2036	2604	46fc7dbfbfc689exeexe_JC.exe	28
PID 2604 wrote to memory of 2036	2604	46fc7dbfbfc689exeexe_JC.exe	28
PID 2604 wrote to memory of 2036	2604	46fc7dbfbfc689exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\46fc7dbfbfc689exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\46fc7dbfbfc689exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
559560e9ecb677e78c77b91edce16fc5

SHA1
b205c37c3f825dbd4806a537a0f052d245fd4b27

SHA256
80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

SHA512
9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
559560e9ecb677e78c77b91edce16fc5

SHA1
b205c37c3f825dbd4806a537a0f052d245fd4b27

SHA256
80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

SHA512
9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
559560e9ecb677e78c77b91edce16fc5

SHA1
b205c37c3f825dbd4806a537a0f052d245fd4b27

SHA256
80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

SHA512
9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

Download Submit
memory/2036-70-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2036-69-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2604-54-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2604-55-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2604-56-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download