3a19ae55c91930fa826db026a790c735f66650e8c5b20730d152842a18cb782b

Analysis

max time kernel
132s
max time network
141s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-07-2023 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87e2bcad4371b5_JC.exe
Size

39KB
MD5

87e2bcad4371b5fc8a1989773b8c72fb
SHA1

a97ec8fbe167fa2c570508f3c825c8c26dfe3c16
SHA256

3a19ae55c91930fa826db026a790c735f66650e8c5b20730d152842a18cb782b
SHA512

e395a27f1e74a9698ee100b0997b00c998627aaf2857e08ddf77e0bc3ac9ea0c6b8c82bdb78a027fcf2f562f8901009f66990de5dbc7658fd4bc34b55d06794c
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaUfmZlQyEgDrBEV:X6QFElP6n+gJQMOtEvwDpjBkfmbQyEgI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1668	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1932	87e2bcad4371b5_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1668	1932	87e2bcad4371b5_JC.exe	28
PID 1932 wrote to memory of 1668	1932	87e2bcad4371b5_JC.exe	28
PID 1932 wrote to memory of 1668	1932	87e2bcad4371b5_JC.exe	28
PID 1932 wrote to memory of 1668	1932	87e2bcad4371b5_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\87e2bcad4371b5_JC.exe
"C:\Users\Admin\AppData\Local\Temp\87e2bcad4371b5_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e93b3769b133fe6b34af9a7aedaed074

SHA1
8e19b4bf6d61194d75bb414e7c207faf8e9895f3

SHA256
1fc4998a266196d8ba196cd25e5b43feeddca2bfecfb5b6c31353200a6f42b0f

SHA512
a2e2b31aa5774abca18012d2d9bb25fc138759b652af35d2f049413b92356abac6aabc6855b4583cf02406bea6e9119e4807222c436e6cb39a725235c1f7fa4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e93b3769b133fe6b34af9a7aedaed074

SHA1
8e19b4bf6d61194d75bb414e7c207faf8e9895f3

SHA256
1fc4998a266196d8ba196cd25e5b43feeddca2bfecfb5b6c31353200a6f42b0f

SHA512
a2e2b31aa5774abca18012d2d9bb25fc138759b652af35d2f049413b92356abac6aabc6855b4583cf02406bea6e9119e4807222c436e6cb39a725235c1f7fa4e

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e93b3769b133fe6b34af9a7aedaed074

SHA1
8e19b4bf6d61194d75bb414e7c207faf8e9895f3

SHA256
1fc4998a266196d8ba196cd25e5b43feeddca2bfecfb5b6c31353200a6f42b0f

SHA512
a2e2b31aa5774abca18012d2d9bb25fc138759b652af35d2f049413b92356abac6aabc6855b4583cf02406bea6e9119e4807222c436e6cb39a725235c1f7fa4e

Download Submit
memory/1668-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1668-70-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1932-54-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/1932-55-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/1932-56-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download