d7fdba133b067b76ebc0246900499aa658a29c14f7a5f3c6ab7acb4540e9b460

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/07/2023, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64f5f59d74d5a6_JC.exe
Size

143KB
MD5

64f5f59d74d5a682512b118247d80f22
SHA1

9978e209357cb22c894b1d802f67c36b2fb6b4c5
SHA256

d7fdba133b067b76ebc0246900499aa658a29c14f7a5f3c6ab7acb4540e9b460
SHA512

96a9787caa8fdea24ac4d5987811c8c01810579709138fcfcf16200c080b5a9f63ddbf7da1a46f7bfe2a8aa1881b04e9102e32ed24232bce58fa5cac599c8cfd
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooN4T:V6a+pOtEvwDpjt222

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2516	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	64f5f59d74d5a6_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2516	2800	64f5f59d74d5a6_JC.exe	28
PID 2800 wrote to memory of 2516	2800	64f5f59d74d5a6_JC.exe	28
PID 2800 wrote to memory of 2516	2800	64f5f59d74d5a6_JC.exe	28
PID 2800 wrote to memory of 2516	2800	64f5f59d74d5a6_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\64f5f59d74d5a6_JC.exe
"C:\Users\Admin\AppData\Local\Temp\64f5f59d74d5a6_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
a997f8b331975aca74eb5aa56afbfd59

SHA1
3fceb1bbc9c6e1f069800f415e94ef0c00c5f86e

SHA256
46f0ad96d7baf2abdec801766e8b60db57ae274e788734fccffbde7e73927c70

SHA512
8cf65ea532409f791ab1608821e98e5c0723ea36e64e2a2e9c6467ee56ff86039c9d1dacf91fb2f0c7a0a59096513447e6744d6fb4edbd86c4a0b112474a2256

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
a997f8b331975aca74eb5aa56afbfd59

SHA1
3fceb1bbc9c6e1f069800f415e94ef0c00c5f86e

SHA256
46f0ad96d7baf2abdec801766e8b60db57ae274e788734fccffbde7e73927c70

SHA512
8cf65ea532409f791ab1608821e98e5c0723ea36e64e2a2e9c6467ee56ff86039c9d1dacf91fb2f0c7a0a59096513447e6744d6fb4edbd86c4a0b112474a2256

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
a997f8b331975aca74eb5aa56afbfd59

SHA1
3fceb1bbc9c6e1f069800f415e94ef0c00c5f86e

SHA256
46f0ad96d7baf2abdec801766e8b60db57ae274e788734fccffbde7e73927c70

SHA512
8cf65ea532409f791ab1608821e98e5c0723ea36e64e2a2e9c6467ee56ff86039c9d1dacf91fb2f0c7a0a59096513447e6744d6fb4edbd86c4a0b112474a2256

Download Submit
memory/2516-68-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2516-69-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2800-54-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2800-53-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2800-56-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download