db122fcaa84b2ab20b57d87f4b37dc41b44d1cb60cd2a67573310debc6bcc897

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/07/2023, 15:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3bc4fd873df86_JC.exe
Size

73KB
MD5

c3bc4fd873df860510424ebcfea001ef
SHA1

4e82258aa54d3869cede9ba8536d56fd512c587a
SHA256

db122fcaa84b2ab20b57d87f4b37dc41b44d1cb60cd2a67573310debc6bcc897
SHA512

aa2e4faaaae42be45da4f579a726a9a7de4e2e2b2cb18c6d5a71d456830f639009146d8b45ded09c49862a0b5ba3462c8a1e7aba0e91073c49adee42aad4120d
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOA+Tm:T6a+rdOOtEvwDpjNY

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
920	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2000	c3bc4fd873df86_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-54-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0007000000012107-65.dat	upx
behavioral1/files/0x0007000000012107-68.dat	upx
behavioral1/memory/2000-69-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/920-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0007000000012107-79.dat	upx
behavioral1/memory/920-80-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 920	2000	c3bc4fd873df86_JC.exe	28
PID 2000 wrote to memory of 920	2000	c3bc4fd873df86_JC.exe	28
PID 2000 wrote to memory of 920	2000	c3bc4fd873df86_JC.exe	28
PID 2000 wrote to memory of 920	2000	c3bc4fd873df86_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\c3bc4fd873df86_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c3bc4fd873df86_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
73KB

MD5
ea2db149d382f9cbd1f5246c470f4f00

SHA1
14b94025f680eae9bbcd79b29ab36b16d727be78

SHA256
69fce634d7fe733e33bd9e5e727bfcd0699abdcfd7c3c26525c1982a727c2196

SHA512
7ff41459852e12967e8a3abe66429166886bc3684f1a57dd4b0de45a9aad0df4779f081449f06c046e3580a7b8cb9297e3bb0d8b3227f3a693a40e22177db443

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
73KB

MD5
ea2db149d382f9cbd1f5246c470f4f00

SHA1
14b94025f680eae9bbcd79b29ab36b16d727be78

SHA256
69fce634d7fe733e33bd9e5e727bfcd0699abdcfd7c3c26525c1982a727c2196

SHA512
7ff41459852e12967e8a3abe66429166886bc3684f1a57dd4b0de45a9aad0df4779f081449f06c046e3580a7b8cb9297e3bb0d8b3227f3a693a40e22177db443

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
73KB

MD5
ea2db149d382f9cbd1f5246c470f4f00

SHA1
14b94025f680eae9bbcd79b29ab36b16d727be78

SHA256
69fce634d7fe733e33bd9e5e727bfcd0699abdcfd7c3c26525c1982a727c2196

SHA512
7ff41459852e12967e8a3abe66429166886bc3684f1a57dd4b0de45a9aad0df4779f081449f06c046e3580a7b8cb9297e3bb0d8b3227f3a693a40e22177db443

Download Submit
memory/920-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/920-73-0x00000000001E0000-0x00000000001E6000-memory.dmp

Filesize
24KB

Download
memory/920-72-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/920-80-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2000-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2000-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2000-56-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2000-57-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2000-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download