a24999663205a0759290c59dca5d4653652f9563b6f80bb0075700f1bdd009bc

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/07/2023, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a060ee570c64c6_JC.exe
Size

39KB
MD5

a060ee570c64c6c94010b4e4752e7888
SHA1

d922a2250086bc79c6059858b96470b8802f2f55
SHA256

a24999663205a0759290c59dca5d4653652f9563b6f80bb0075700f1bdd009bc
SHA512

f035c9cfd68c7a85ad7c1f084728458ba4a8fb320000623781edbe7dede4d865eb728930bea499b87ac2ebd522f886e743d34a099576c4153e5e88e66dca8be9
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBxIZ:ZzFbxmLPWQMOtEvwDpj38l1Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2788	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2124	a060ee570c64c6_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2788	2124	a060ee570c64c6_JC.exe	28
PID 2124 wrote to memory of 2788	2124	a060ee570c64c6_JC.exe	28
PID 2124 wrote to memory of 2788	2124	a060ee570c64c6_JC.exe	28
PID 2124 wrote to memory of 2788	2124	a060ee570c64c6_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\a060ee570c64c6_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a060ee570c64c6_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
6ba4f2274be801da83c9a645ac0c4a39

SHA1
68ff41b6fa347f994c0d3191c1b0a794ef18e527

SHA256
0ed7f5afa8378df96a8557aa856d8e814aaf9d7c52a102f5d0b18fd91b6906b9

SHA512
2b322eeaeb411c98d55ecfe4f7f16883bac3ac25f24ffd7fe54b8ef645ceb8bfb97387d9b4dc7e218eabf793251d5ee44a3f489911cd681bce43456b53c86439

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
6ba4f2274be801da83c9a645ac0c4a39

SHA1
68ff41b6fa347f994c0d3191c1b0a794ef18e527

SHA256
0ed7f5afa8378df96a8557aa856d8e814aaf9d7c52a102f5d0b18fd91b6906b9

SHA512
2b322eeaeb411c98d55ecfe4f7f16883bac3ac25f24ffd7fe54b8ef645ceb8bfb97387d9b4dc7e218eabf793251d5ee44a3f489911cd681bce43456b53c86439

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
6ba4f2274be801da83c9a645ac0c4a39

SHA1
68ff41b6fa347f994c0d3191c1b0a794ef18e527

SHA256
0ed7f5afa8378df96a8557aa856d8e814aaf9d7c52a102f5d0b18fd91b6906b9

SHA512
2b322eeaeb411c98d55ecfe4f7f16883bac3ac25f24ffd7fe54b8ef645ceb8bfb97387d9b4dc7e218eabf793251d5ee44a3f489911cd681bce43456b53c86439

Download Submit
memory/2124-54-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/2124-55-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2124-56-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2124-59-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2124-69-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/2788-70-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2788-73-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2788-72-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download