c624d5e6c3866bbf96d671a26fef09814e16078bcd459dabe60c1889c77202b6

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/07/2023, 16:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_190714bb4c693bexeexe_JC.exe
Size

74KB
MD5

190714bb4c693b4dc04b9c6341463ba2
SHA1

2579740493d1a5bff4a981cae3c395418c2461ea
SHA256

c624d5e6c3866bbf96d671a26fef09814e16078bcd459dabe60c1889c77202b6
SHA512

698e5df9845dcd98450aa1730d18a867fb6890c9a417fd0d73ec0a676f43150d8a5bc3d7c4c52b36ac4cc4978d9f391b9a1817e582797f47283e6277d9f3fd6f
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfy5R:vCjsIOtEvwDpj5H9YvQd2a

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2812	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1424	NA_NA_190714bb4c693bexeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2812	1424	NA_NA_190714bb4c693bexeexe_JC.exe	28
PID 1424 wrote to memory of 2812	1424	NA_NA_190714bb4c693bexeexe_JC.exe	28
PID 1424 wrote to memory of 2812	1424	NA_NA_190714bb4c693bexeexe_JC.exe	28
PID 1424 wrote to memory of 2812	1424	NA_NA_190714bb4c693bexeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_190714bb4c693bexeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_190714bb4c693bexeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f86bb92d6288aa2bc00f6ec0b0d1a725

SHA1
c46d11cc1c52a87e82228a7e08f40a9b2dfa1e56

SHA256
df06a32e7c790bd6619bf284c2c7a7a017744e279cc3667b73a0e6939cc46426

SHA512
da9d2523b42970a53aa7d3a6f37bc273c84b80f6e5864f43eb3389432ddbb18def7b5e71ee99708cbcb445a025face78acb0b07cebbf121d2326b329f4def251

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f86bb92d6288aa2bc00f6ec0b0d1a725

SHA1
c46d11cc1c52a87e82228a7e08f40a9b2dfa1e56

SHA256
df06a32e7c790bd6619bf284c2c7a7a017744e279cc3667b73a0e6939cc46426

SHA512
da9d2523b42970a53aa7d3a6f37bc273c84b80f6e5864f43eb3389432ddbb18def7b5e71ee99708cbcb445a025face78acb0b07cebbf121d2326b329f4def251

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f86bb92d6288aa2bc00f6ec0b0d1a725

SHA1
c46d11cc1c52a87e82228a7e08f40a9b2dfa1e56

SHA256
df06a32e7c790bd6619bf284c2c7a7a017744e279cc3667b73a0e6939cc46426

SHA512
da9d2523b42970a53aa7d3a6f37bc273c84b80f6e5864f43eb3389432ddbb18def7b5e71ee99708cbcb445a025face78acb0b07cebbf121d2326b329f4def251

Download Submit
memory/1424-53-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/1424-55-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/1424-54-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2812-69-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2812-68-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download