4c7f965d97bfba200ff39d564e2f9e251e1ed215f94a0435eac273a154ac4429

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22-07-2023 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_094caf1efd6d4cexe_JC.exe
Size

44KB
MD5

094caf1efd6d4c8e7aecf8c0447a48d2
SHA1

18f081ae33763efd75081fa6cb1721dd3a1d5d00
SHA256

4c7f965d97bfba200ff39d564e2f9e251e1ed215f94a0435eac273a154ac4429
SHA512

3b06d01ae97f32fbaaf2ad33923d09b4a01a917372444d270fc02fec83816115b5ceb0fbf8ada7f3577a2b4a9e0b5a2f73b52e04a0b40a14f91d15baf6e143ff
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjZ1UKXJ0ToBpK22z:ZzFbxmLPWQMOtEvwDpjbtJ0gAV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1764	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2616	NA_094caf1efd6d4cexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 1764	2616	NA_094caf1efd6d4cexe_JC.exe	28
PID 2616 wrote to memory of 1764	2616	NA_094caf1efd6d4cexe_JC.exe	28
PID 2616 wrote to memory of 1764	2616	NA_094caf1efd6d4cexe_JC.exe	28
PID 2616 wrote to memory of 1764	2616	NA_094caf1efd6d4cexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_094caf1efd6d4cexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_094caf1efd6d4cexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
45KB

MD5
cef3c77df49a7528d95131965396baa6

SHA1
0a09a23b774d69bb7e4cc103658cdf64184d15d6

SHA256
5bbfc9baf58e89f93750be8f10a72c07b387c294e20379e8f09c2f4b735a0dc0

SHA512
6132974a17d9bd4c09c1df5b8f28990e1857fa81b0f6d3f78abb836d1ac70668545aa0ebec82437820065b4f5fa3951c155cb3eb47ae57095f26349c552ccf8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
45KB

MD5
cef3c77df49a7528d95131965396baa6

SHA1
0a09a23b774d69bb7e4cc103658cdf64184d15d6

SHA256
5bbfc9baf58e89f93750be8f10a72c07b387c294e20379e8f09c2f4b735a0dc0

SHA512
6132974a17d9bd4c09c1df5b8f28990e1857fa81b0f6d3f78abb836d1ac70668545aa0ebec82437820065b4f5fa3951c155cb3eb47ae57095f26349c552ccf8f

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
45KB

MD5
cef3c77df49a7528d95131965396baa6

SHA1
0a09a23b774d69bb7e4cc103658cdf64184d15d6

SHA256
5bbfc9baf58e89f93750be8f10a72c07b387c294e20379e8f09c2f4b735a0dc0

SHA512
6132974a17d9bd4c09c1df5b8f28990e1857fa81b0f6d3f78abb836d1ac70668545aa0ebec82437820065b4f5fa3951c155cb3eb47ae57095f26349c552ccf8f

Download Submit
memory/1764-69-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/1764-72-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1764-71-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1764-79-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2616-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2616-55-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2616-56-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/2616-58-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download