011cabb8f5417a4a4e482429812d168e548ba89ef5b14a1a89092ee31a854499

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/07/2023, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a07f2c5c4432d_JC.exe
Size

90KB
MD5

5a07f2c5c4432dfcd0b716d7a840ad9e
SHA1

ccd4ba500a255ef5a1a01ffc7f2479c98b082b3a
SHA256

011cabb8f5417a4a4e482429812d168e548ba89ef5b14a1a89092ee31a854499
SHA512

3824aa0908d2a41c575994d67361101c2cd472b6e83f01c94869cfd8246c3f6722aff1cf69d3dfcf658fa6fde5780a6fea20a7abb3665b3eb2469f49659b7111
SSDEEP

1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRDWTHeTy:zCsanOtEvwDpjn

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2836	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1808	5a07f2c5c4432d_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1808-54-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012028-70.dat	upx
behavioral1/memory/1808-69-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012028-65.dat	upx
behavioral1/memory/2836-71-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012028-80.dat	upx
behavioral1/memory/2836-82-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2836	1808	5a07f2c5c4432d_JC.exe	28
PID 1808 wrote to memory of 2836	1808	5a07f2c5c4432d_JC.exe	28
PID 1808 wrote to memory of 2836	1808	5a07f2c5c4432d_JC.exe	28
PID 1808 wrote to memory of 2836	1808	5a07f2c5c4432d_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\5a07f2c5c4432d_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5a07f2c5c4432d_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
90KB

MD5
a08cfdd7e54d18ecbc88e448d3ab430b

SHA1
02566b473603fccea88928b6ea1f67ee270fa12e

SHA256
f095035d347217c4f94f84932f6a618b971b3c4f2b03bd2898020cb08c3f36f1

SHA512
a572f4a67311a2923462afd70e10a10d2c86f5cd45f1efdea9f660942d8fece61cb3d8cc2e44abac77312e01174edd40efcbd97853e6a39a4e5bb23f36ea3eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
90KB

MD5
a08cfdd7e54d18ecbc88e448d3ab430b

SHA1
02566b473603fccea88928b6ea1f67ee270fa12e

SHA256
f095035d347217c4f94f84932f6a618b971b3c4f2b03bd2898020cb08c3f36f1

SHA512
a572f4a67311a2923462afd70e10a10d2c86f5cd45f1efdea9f660942d8fece61cb3d8cc2e44abac77312e01174edd40efcbd97853e6a39a4e5bb23f36ea3eae

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
90KB

MD5
a08cfdd7e54d18ecbc88e448d3ab430b

SHA1
02566b473603fccea88928b6ea1f67ee270fa12e

SHA256
f095035d347217c4f94f84932f6a618b971b3c4f2b03bd2898020cb08c3f36f1

SHA512
a572f4a67311a2923462afd70e10a10d2c86f5cd45f1efdea9f660942d8fece61cb3d8cc2e44abac77312e01174edd40efcbd97853e6a39a4e5bb23f36ea3eae

Download Submit
memory/1808-68-0x0000000000600000-0x0000000000610000-memory.dmp

Filesize
64KB

Download
memory/1808-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1808-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1808-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1808-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/1808-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1808-81-0x0000000000600000-0x0000000000610000-memory.dmp

Filesize
64KB

Download
memory/2836-71-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2836-73-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2836-74-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2836-82-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download