6d0c540f637fd70e7ae083edfd3ca46ba929c489509e0c5c43f187981ea705d4

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/07/2023, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_0b65fa7e3b0035exeexe_JC.exe
Size

53KB
MD5

0b65fa7e3b0035d55f0fc57b551cc68e
SHA1

d15d1ed723d77550d5cf95327aa12ae5409ea760
SHA256

6d0c540f637fd70e7ae083edfd3ca46ba929c489509e0c5c43f187981ea705d4
SHA512

2389f0fb969d9be42929b535c9e02a6ec6ddd29b00ef5af630e21ed05a1aff745e8fb526c225bd6d438a03bbd7d14199d354c64c58ac969a7c39967c79b0ba90
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBy/cMFqeo9Bi9/:ZzFbxmLPWQMOtEvwDpj38lD/cMAPBi9/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2244	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2208	NA_NA_0b65fa7e3b0035exeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2244	2208	NA_NA_0b65fa7e3b0035exeexe_JC.exe	28
PID 2208 wrote to memory of 2244	2208	NA_NA_0b65fa7e3b0035exeexe_JC.exe	28
PID 2208 wrote to memory of 2244	2208	NA_NA_0b65fa7e3b0035exeexe_JC.exe	28
PID 2208 wrote to memory of 2244	2208	NA_NA_0b65fa7e3b0035exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_0b65fa7e3b0035exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_0b65fa7e3b0035exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
df1d6655c5b31acb2cb77d1201e74247

SHA1
cfbeb1cb1a743b2ae2efb8928eec385ea59071e9

SHA256
6f1100b45dfd80d8fa2654333d5a235ced30824ffa7d1a77cd48dfbcc52461c2

SHA512
299e4dbcf25c5fb7e30fdd0a6a8a22fe57c756c40879000e389f39496d17f2455d4ad7a004f1c556bdadff48492abd27e12e848932834c1d612e781027a8e477

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
df1d6655c5b31acb2cb77d1201e74247

SHA1
cfbeb1cb1a743b2ae2efb8928eec385ea59071e9

SHA256
6f1100b45dfd80d8fa2654333d5a235ced30824ffa7d1a77cd48dfbcc52461c2

SHA512
299e4dbcf25c5fb7e30fdd0a6a8a22fe57c756c40879000e389f39496d17f2455d4ad7a004f1c556bdadff48492abd27e12e848932834c1d612e781027a8e477

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
df1d6655c5b31acb2cb77d1201e74247

SHA1
cfbeb1cb1a743b2ae2efb8928eec385ea59071e9

SHA256
6f1100b45dfd80d8fa2654333d5a235ced30824ffa7d1a77cd48dfbcc52461c2

SHA512
299e4dbcf25c5fb7e30fdd0a6a8a22fe57c756c40879000e389f39496d17f2455d4ad7a004f1c556bdadff48492abd27e12e848932834c1d612e781027a8e477

Download Submit
memory/2208-55-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2208-54-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2208-57-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2208-56-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2244-69-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2244-71-0x0000000000510000-0x0000000000516000-memory.dmp

Filesize
24KB

Download
memory/2244-72-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download