711c5d374e95c44739cf3d6ff9c5c155789a51f37c76197cb91e4b50de025ede

Analysis

max time kernel
151s
max time network
156s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/07/2023, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a51bc32fee2734_JC.exe
Size

58KB
MD5

a51bc32fee2734c8392eaa13acf070c0
SHA1

e7948de6d4ac136e32bc4c7ff4cd74e6796e29f7
SHA256

711c5d374e95c44739cf3d6ff9c5c155789a51f37c76197cb91e4b50de025ede
SHA512

bf04302abd686083bace1c6e41b999aac3e1412c93099e053f8c074c69907cdfd8d2546fcfc5697e44c0188a0526275ae5d1ea31f216ee7934283422184f0c93
SSDEEP

1536:vj+jsMQMOtEvwDpj5HyCyh7vtRJ4BqKb1kWW9:vCjsIOtEvwDpj5Hv0Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1384	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1144	a51bc32fee2734_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 1384	1144	a51bc32fee2734_JC.exe	30
PID 1144 wrote to memory of 1384	1144	a51bc32fee2734_JC.exe	30
PID 1144 wrote to memory of 1384	1144	a51bc32fee2734_JC.exe	30
PID 1144 wrote to memory of 1384	1144	a51bc32fee2734_JC.exe	30

C:\Users\Admin\AppData\Local\Temp\a51bc32fee2734_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a51bc32fee2734_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
ec50814cc88bd0804ef8d60410b1f07e

SHA1
51d1018de1ad220aeaa34e2680614bf68cb61f7c

SHA256
c1bc9c4f35448ba8c869c14dbba4b40069fa2cec977ec9c49f6dc8c03b2d9ad1

SHA512
a9df0cc3cd01c66c3f37978d280eed1c5e3e89a8a0d25ba96c7f35cef2f8736e420f2e5f9d4e8a1306efc057524cc9cb4ca27c2a7e669e44b930d6c139a0b46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
ec50814cc88bd0804ef8d60410b1f07e

SHA1
51d1018de1ad220aeaa34e2680614bf68cb61f7c

SHA256
c1bc9c4f35448ba8c869c14dbba4b40069fa2cec977ec9c49f6dc8c03b2d9ad1

SHA512
a9df0cc3cd01c66c3f37978d280eed1c5e3e89a8a0d25ba96c7f35cef2f8736e420f2e5f9d4e8a1306efc057524cc9cb4ca27c2a7e669e44b930d6c139a0b46b

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
ec50814cc88bd0804ef8d60410b1f07e

SHA1
51d1018de1ad220aeaa34e2680614bf68cb61f7c

SHA256
c1bc9c4f35448ba8c869c14dbba4b40069fa2cec977ec9c49f6dc8c03b2d9ad1

SHA512
a9df0cc3cd01c66c3f37978d280eed1c5e3e89a8a0d25ba96c7f35cef2f8736e420f2e5f9d4e8a1306efc057524cc9cb4ca27c2a7e669e44b930d6c139a0b46b

Download Submit
memory/1144-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1144-55-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1144-56-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1384-69-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1384-70-0x00000000003F0000-0x00000000003F6000-memory.dmp

Filesize
24KB

Download