d13851bd95c0586dd1eec7fabb80e134927fbbf976b7983170ec6c4946741f1b

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/07/2023, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bca14565e8d562_JC.exe
Size

37KB
MD5

bca14565e8d5626eb177ad9a1ee868e6
SHA1

2a00a1fcb5a18670c33e77391cef0c0898f82bf6
SHA256

d13851bd95c0586dd1eec7fabb80e134927fbbf976b7983170ec6c4946741f1b
SHA512

c2d959b09c931ce4c02da30491993ab56013b432b25633b818377266b8791be25290c6cbbce3d941829f508c676b8fbb46c6961b3d161f5865bf7ec7f4bb3934
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72kmGYjTmw:bgX4zYcgTEu6QOaryfjqDlC7rY+w

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2936	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2468	bca14565e8d562_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2936	2468	bca14565e8d562_JC.exe	28
PID 2468 wrote to memory of 2936	2468	bca14565e8d562_JC.exe	28
PID 2468 wrote to memory of 2936	2468	bca14565e8d562_JC.exe	28
PID 2468 wrote to memory of 2936	2468	bca14565e8d562_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\bca14565e8d562_JC.exe
"C:\Users\Admin\AppData\Local\Temp\bca14565e8d562_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
0bffe4a60c09aa4c344d9c7ec8c830ec

SHA1
7d6900d57d0eec14c52365122b4f78fad908d598

SHA256
fc9a325bf749a378a34fa5e649aa76bcc3d0cee75738ab90ce71e343411257d5

SHA512
0fb66384d1899dc978db1a0b87b5afba78a50de2898e9aa74cfa2f35d34ada7578b5a41294c34d9bef1774a341f8d78ddfb4b0ba6e65762596c7466c599a7af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
0bffe4a60c09aa4c344d9c7ec8c830ec

SHA1
7d6900d57d0eec14c52365122b4f78fad908d598

SHA256
fc9a325bf749a378a34fa5e649aa76bcc3d0cee75738ab90ce71e343411257d5

SHA512
0fb66384d1899dc978db1a0b87b5afba78a50de2898e9aa74cfa2f35d34ada7578b5a41294c34d9bef1774a341f8d78ddfb4b0ba6e65762596c7466c599a7af9

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
0bffe4a60c09aa4c344d9c7ec8c830ec

SHA1
7d6900d57d0eec14c52365122b4f78fad908d598

SHA256
fc9a325bf749a378a34fa5e649aa76bcc3d0cee75738ab90ce71e343411257d5

SHA512
0fb66384d1899dc978db1a0b87b5afba78a50de2898e9aa74cfa2f35d34ada7578b5a41294c34d9bef1774a341f8d78ddfb4b0ba6e65762596c7466c599a7af9

Download Submit
memory/2468-54-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2468-55-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2468-57-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2936-70-0x0000000001C80000-0x0000000001C86000-memory.dmp

Filesize
24KB

Download
memory/2936-69-0x0000000001CA0000-0x0000000001CA6000-memory.dmp

Filesize
24KB

Download