51710ef7314fee8645620d87e09e005c4de895160974f8f98d7bdf79934b5d23

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/07/2023, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f7a2f95ad112a_JC.exe
Size

90KB
MD5

6f7a2f95ad112a880a08985e40a63578
SHA1

fb4028b94af051a6da7dd157503900987372c00a
SHA256

51710ef7314fee8645620d87e09e005c4de895160974f8f98d7bdf79934b5d23
SHA512

ac49c556fdbc592468a0c0bc475ac1ce5eaf4912bba75c62ce896f0b83717d479095c9d0f60a90b050d273054ea66b5775a3214adf0ebfb1fd4d3484953f8522
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWLmD:V6a+pOtEvwDpjtJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2832	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	6f7a2f95ad112a_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2832	2548	6f7a2f95ad112a_JC.exe	28
PID 2548 wrote to memory of 2832	2548	6f7a2f95ad112a_JC.exe	28
PID 2548 wrote to memory of 2832	2548	6f7a2f95ad112a_JC.exe	28
PID 2548 wrote to memory of 2832	2548	6f7a2f95ad112a_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\6f7a2f95ad112a_JC.exe
"C:\Users\Admin\AppData\Local\Temp\6f7a2f95ad112a_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
132bcec38c87d8ae6b8b25f285ac44c5

SHA1
1576de1e861dd7f0da19e7e9be95791c42b8cd3c

SHA256
717a4807ec2e68e159d111b797a089635179ca43bd1af31b724b14a29c3e6ee5

SHA512
69c60dadaad7ccea8bca1f81a94d274593c1e61d3e0894a7e64056f4411886c8a62885d61c05c9ceac5b74fc38de8203128b7e22a67f567a9a783c4355c9ee36

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
132bcec38c87d8ae6b8b25f285ac44c5

SHA1
1576de1e861dd7f0da19e7e9be95791c42b8cd3c

SHA256
717a4807ec2e68e159d111b797a089635179ca43bd1af31b724b14a29c3e6ee5

SHA512
69c60dadaad7ccea8bca1f81a94d274593c1e61d3e0894a7e64056f4411886c8a62885d61c05c9ceac5b74fc38de8203128b7e22a67f567a9a783c4355c9ee36

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
132bcec38c87d8ae6b8b25f285ac44c5

SHA1
1576de1e861dd7f0da19e7e9be95791c42b8cd3c

SHA256
717a4807ec2e68e159d111b797a089635179ca43bd1af31b724b14a29c3e6ee5

SHA512
69c60dadaad7ccea8bca1f81a94d274593c1e61d3e0894a7e64056f4411886c8a62885d61c05c9ceac5b74fc38de8203128b7e22a67f567a9a783c4355c9ee36

Download Submit
memory/2548-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2548-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2548-56-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2832-69-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download