28772098142f68d8c14fa252c98a63c3eb7278bced6317d8a87ff3607065a2db

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/07/2023, 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61314bf6c6740a_JC.exe
Size

29KB
MD5

61314bf6c6740ae927e63c763a69c5da
SHA1

204d27614f1358cbd3629628c8089d9ee24d92b7
SHA256

28772098142f68d8c14fa252c98a63c3eb7278bced6317d8a87ff3607065a2db
SHA512

3814cbe82c17b66036abb8faf2787e57b1c4d75d17770128718985fd88df4a08f3b4fc7858fffcd2b17cde584c3f90efe74a60c82bb7a5539c96266f7a6fc210
SSDEEP

384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4H0g/X2kH9r5GJ:bIDOw9UiaCHfjnE0S2kH9rYJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2428	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
1996	61314bf6c6740a_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2428	1996	61314bf6c6740a_JC.exe	28
PID 1996 wrote to memory of 2428	1996	61314bf6c6740a_JC.exe	28
PID 1996 wrote to memory of 2428	1996	61314bf6c6740a_JC.exe	28
PID 1996 wrote to memory of 2428	1996	61314bf6c6740a_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\61314bf6c6740a_JC.exe
"C:\Users\Admin\AppData\Local\Temp\61314bf6c6740a_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
29KB

MD5
4d2a6ecd492b561584853ac853eca91c

SHA1
28299607bea7461efe2aff9d29efe916722b89a6

SHA256
31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

SHA512
9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
29KB

MD5
4d2a6ecd492b561584853ac853eca91c

SHA1
28299607bea7461efe2aff9d29efe916722b89a6

SHA256
31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

SHA512
9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
29KB

MD5
4d2a6ecd492b561584853ac853eca91c

SHA1
28299607bea7461efe2aff9d29efe916722b89a6

SHA256
31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

SHA512
9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

Download Submit
memory/1996-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1996-56-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1996-55-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2428-70-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2428-69-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download