Analysis

  • max time kernel
    134s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-07-2023 13:35

General

  • Target

    89494d745e042a_JC.exe

  • Size

    125KB

  • MD5

    89494d745e042a6e7c1c748e5c217974

  • SHA1

    557c49bd742054a8dd87bc6ea5b568afeb3eb703

  • SHA256

    89f15cf4e66f3a57bc08e9d181226ee1f684a3e5fcdd306e8ec1f1fa28b042e1

  • SHA512

    7ce50a26a967bb821b585881fbb6d417a36a8d357de962edd8939d885927ea310d9abb47af3c3b0d60e3114d2e58c13b95445c574de0565e8d2f5c5f7880e13f

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIuBKLUYOVZpw:vCjsIOtEvwDpj5H9YvQd2W

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89494d745e042a_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\89494d745e042a_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2424

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    125KB

    MD5

    8b61308912d96685237d84e7b46f53db

    SHA1

    1a72ad6c54ba0db5d2b2eaa9849d4bb195a96cff

    SHA256

    71e3f5e76e320c2267d59164ca998c5e129f4ebab302ca07d8aca9680bf183a3

    SHA512

    b3390d5583826ec43ba3b65a65395094ab884424d4e5ecf106c9dd327ea0664bda2e4668a679cf67261a04991c532eef6fc484a4b0c72853c0217769d0208f83

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    125KB

    MD5

    8b61308912d96685237d84e7b46f53db

    SHA1

    1a72ad6c54ba0db5d2b2eaa9849d4bb195a96cff

    SHA256

    71e3f5e76e320c2267d59164ca998c5e129f4ebab302ca07d8aca9680bf183a3

    SHA512

    b3390d5583826ec43ba3b65a65395094ab884424d4e5ecf106c9dd327ea0664bda2e4668a679cf67261a04991c532eef6fc484a4b0c72853c0217769d0208f83

  • memory/2232-54-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2232-56-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

  • memory/2232-55-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2424-70-0x00000000002B0000-0x00000000002B6000-memory.dmp

    Filesize

    24KB