1a2eb316fbb562ca0c95cc6be0f63464163a56b1aa09c1571bfa5e0e568e0775

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/07/2023, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_090698cf7db4a9exe_JC.exe
Size

33KB
MD5

090698cf7db4a99c48342c3d6533be81
SHA1

f05a886baceb5bc922345d841082177f8bedb2f7
SHA256

1a2eb316fbb562ca0c95cc6be0f63464163a56b1aa09c1571bfa5e0e568e0775
SHA512

b1b0f3c0eee0b266650996beee1ee88d01e73ad671c3134c2c254c25776f05649a4a8c7d0ac344bc0d7a1508ae83a10acf18258755c49e192ce9043462cefe91
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72MMiy:bgX4zYcgTEu6QOaryfjqDlC7by

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2812	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
1260	NA_090698cf7db4a9exe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2812	1260	NA_090698cf7db4a9exe_JC.exe	28
PID 1260 wrote to memory of 2812	1260	NA_090698cf7db4a9exe_JC.exe	28
PID 1260 wrote to memory of 2812	1260	NA_090698cf7db4a9exe_JC.exe	28
PID 1260 wrote to memory of 2812	1260	NA_090698cf7db4a9exe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_090698cf7db4a9exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_090698cf7db4a9exe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
33KB

MD5
dd06472bcf61f47ddc5774f83531c5ee

SHA1
800f3c7b27d4cab848b9b2d0a21b9cd3b1fb85fb

SHA256
8bf2b1401e1e6573487aa61b55543d01a217739126cc2af11b190cd84328e6e3

SHA512
8c5ab3d0082e0dff807fafcc6856e92cf02ba12051d5d43b12dc466e65791dd92b675827ce9962eb4bc535e87ab37b09305cf3e6468cce997a8a798bbc44890c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
33KB

MD5
dd06472bcf61f47ddc5774f83531c5ee

SHA1
800f3c7b27d4cab848b9b2d0a21b9cd3b1fb85fb

SHA256
8bf2b1401e1e6573487aa61b55543d01a217739126cc2af11b190cd84328e6e3

SHA512
8c5ab3d0082e0dff807fafcc6856e92cf02ba12051d5d43b12dc466e65791dd92b675827ce9962eb4bc535e87ab37b09305cf3e6468cce997a8a798bbc44890c

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
33KB

MD5
dd06472bcf61f47ddc5774f83531c5ee

SHA1
800f3c7b27d4cab848b9b2d0a21b9cd3b1fb85fb

SHA256
8bf2b1401e1e6573487aa61b55543d01a217739126cc2af11b190cd84328e6e3

SHA512
8c5ab3d0082e0dff807fafcc6856e92cf02ba12051d5d43b12dc466e65791dd92b675827ce9962eb4bc535e87ab37b09305cf3e6468cce997a8a798bbc44890c

Download Submit
memory/1260-54-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/1260-55-0x00000000006C0000-0x00000000006C6000-memory.dmp

Filesize
24KB

Download
memory/1260-56-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2812-70-0x0000000001CE0000-0x0000000001CE6000-memory.dmp

Filesize
24KB

Download
memory/2812-69-0x0000000001CC0000-0x0000000001CC6000-memory.dmp

Filesize
24KB

Download