f804a8faaefc4c0831246c66d6acca582fd93f0049278787477c235dee98d559

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16-07-2023 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58aadef0faca44_JC.exe
Size

39KB
MD5

58aadef0faca440417d2c005c455a419
SHA1

bd8f8110abf6ca94145180e4702b9f73be56e51b
SHA256

f804a8faaefc4c0831246c66d6acca582fd93f0049278787477c235dee98d559
SHA512

efd8046c19036742cb54abbbae3d0b4d62fd741e87e5d871e0be27d2f3f9a0df47bc3f2c1a7f92bf67a1fcd41bbe62c2e6a366fd8b88209ba2e6059dcc32aa72
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaUfR+eteh5zE:X6QFElP6n+gJQMOtEvwDpjBkfvtefI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2572	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2440	58aadef0faca44_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2572	2440	58aadef0faca44_JC.exe	28
PID 2440 wrote to memory of 2572	2440	58aadef0faca44_JC.exe	28
PID 2440 wrote to memory of 2572	2440	58aadef0faca44_JC.exe	28
PID 2440 wrote to memory of 2572	2440	58aadef0faca44_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\58aadef0faca44_JC.exe
"C:\Users\Admin\AppData\Local\Temp\58aadef0faca44_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
892542268d88e679c10f010f6aab11a3

SHA1
f9a36374d9c77eb592b47939c7a11ec712e26f8e

SHA256
3341916694975481a597a1afb0ceab4df68fad166132128edd2398216a3be4fa

SHA512
d6562e1c30a858e7f89d6f3a21b7973e07cc127c6a3d5b6fa54f670418ca65fd7588d2f531cb11e34583e547cdfbadd7b41fbe9a15a17c57cdbf0fed322e8b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
892542268d88e679c10f010f6aab11a3

SHA1
f9a36374d9c77eb592b47939c7a11ec712e26f8e

SHA256
3341916694975481a597a1afb0ceab4df68fad166132128edd2398216a3be4fa

SHA512
d6562e1c30a858e7f89d6f3a21b7973e07cc127c6a3d5b6fa54f670418ca65fd7588d2f531cb11e34583e547cdfbadd7b41fbe9a15a17c57cdbf0fed322e8b0b

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
892542268d88e679c10f010f6aab11a3

SHA1
f9a36374d9c77eb592b47939c7a11ec712e26f8e

SHA256
3341916694975481a597a1afb0ceab4df68fad166132128edd2398216a3be4fa

SHA512
d6562e1c30a858e7f89d6f3a21b7973e07cc127c6a3d5b6fa54f670418ca65fd7588d2f531cb11e34583e547cdfbadd7b41fbe9a15a17c57cdbf0fed322e8b0b

Download Submit
memory/2440-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2440-55-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2440-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2572-69-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2572-70-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download