e5352670afdfc0568931790ef0c9252c7198e06a40a2a5633fc3a36f067ba454

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16-07-2023 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68620c1088e289_JC.exe
Size

43KB
MD5

68620c1088e28972d723db83f53ec568
SHA1

0a2ad0e6b602ef0d327c5cee3c1f3686e0c69b5b
SHA256

e5352670afdfc0568931790ef0c9252c7198e06a40a2a5633fc3a36f067ba454
SHA512

2f5fb3cc4b4d2ee38793c1eda4da8dcf93f61c2126f2d342205282bff058f759fba1b30fe919424de39ac9cb2dfb74a01ea607d8715551a60a8020d775ccb972
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrjnLJQ+j:vj+jsMQMOtEvwDpj5Hczervew

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2568	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1708	68620c1088e289_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2568	1708	68620c1088e289_JC.exe	28
PID 1708 wrote to memory of 2568	1708	68620c1088e289_JC.exe	28
PID 1708 wrote to memory of 2568	1708	68620c1088e289_JC.exe	28
PID 1708 wrote to memory of 2568	1708	68620c1088e289_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\68620c1088e289_JC.exe
"C:\Users\Admin\AppData\Local\Temp\68620c1088e289_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2568

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
4a5ef3aa459c91d9144f6a02058dc740

SHA1
2be3be29ffeef9442cc6ce08506df3a7714cbc1e

SHA256
6c35440b82c041613ffdaae169247e3ad77ddfb415ccffc985f211a51fe5c387

SHA512
f66951a1ed27501210c8917d00829c4018082080546b37328c3fd32a80515371e8eb6f04521ed6ad3e287684beaf4b4514440ab2e665b5a4fd39268fa3da6702

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
4a5ef3aa459c91d9144f6a02058dc740

SHA1
2be3be29ffeef9442cc6ce08506df3a7714cbc1e

SHA256
6c35440b82c041613ffdaae169247e3ad77ddfb415ccffc985f211a51fe5c387

SHA512
f66951a1ed27501210c8917d00829c4018082080546b37328c3fd32a80515371e8eb6f04521ed6ad3e287684beaf4b4514440ab2e665b5a4fd39268fa3da6702

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
4a5ef3aa459c91d9144f6a02058dc740

SHA1
2be3be29ffeef9442cc6ce08506df3a7714cbc1e

SHA256
6c35440b82c041613ffdaae169247e3ad77ddfb415ccffc985f211a51fe5c387

SHA512
f66951a1ed27501210c8917d00829c4018082080546b37328c3fd32a80515371e8eb6f04521ed6ad3e287684beaf4b4514440ab2e665b5a4fd39268fa3da6702

Download Submit
memory/1708-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1708-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1708-62-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2568-70-0x0000000000430000-0x0000000000436000-memory.dmp

Filesize
24KB

Download
memory/2568-69-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download