7d1f665e1c6ab61a95b120db7e055c05d2e33cc75ce3b6296a8b2e3363160c57

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23-07-2023 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_190a9150255d0bexeexe_JC.exe
Size

54KB
MD5

190a9150255d0b7d8fabd210fc9b76f3
SHA1

6c6381aef6c375756453b89df85cc937c9987463
SHA256

7d1f665e1c6ab61a95b120db7e055c05d2e33cc75ce3b6296a8b2e3363160c57
SHA512

df58f95754387c0758c82b62d0cf28f2cf7a2882ecff43b26335705608c83b4c0db24c1af7a9a1f3a44862d7f14e3748e860474a4ef9c06a704735d537c786fc
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBy/cMFqeo9e1T:ZzFbxmLPWQMOtEvwDpj38lD/cMAP+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2436	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
864	NA_NA_190a9150255d0bexeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 2436	864	NA_NA_190a9150255d0bexeexe_JC.exe	28
PID 864 wrote to memory of 2436	864	NA_NA_190a9150255d0bexeexe_JC.exe	28
PID 864 wrote to memory of 2436	864	NA_NA_190a9150255d0bexeexe_JC.exe	28
PID 864 wrote to memory of 2436	864	NA_NA_190a9150255d0bexeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_190a9150255d0bexeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_190a9150255d0bexeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:864
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
54KB

MD5
cbe3066f2899a465f5b0febf93358631

SHA1
792bfe8a8e363ed5945ed036a5bb8e2701ba7992

SHA256
35c25c1771a9bbb2847743821bd82bd4ff262c6e43454d43782f38213d391701

SHA512
eeba27b0c0ad4ada1cb457f6181202a1f5cf9e3d9db232a5f5ea34be6b570d921a608be051d018cd454272de1e26bd5998c98b8e57f98e5cbffa3d2d601f194f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
54KB

MD5
cbe3066f2899a465f5b0febf93358631

SHA1
792bfe8a8e363ed5945ed036a5bb8e2701ba7992

SHA256
35c25c1771a9bbb2847743821bd82bd4ff262c6e43454d43782f38213d391701

SHA512
eeba27b0c0ad4ada1cb457f6181202a1f5cf9e3d9db232a5f5ea34be6b570d921a608be051d018cd454272de1e26bd5998c98b8e57f98e5cbffa3d2d601f194f

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
54KB

MD5
cbe3066f2899a465f5b0febf93358631

SHA1
792bfe8a8e363ed5945ed036a5bb8e2701ba7992

SHA256
35c25c1771a9bbb2847743821bd82bd4ff262c6e43454d43782f38213d391701

SHA512
eeba27b0c0ad4ada1cb457f6181202a1f5cf9e3d9db232a5f5ea34be6b570d921a608be051d018cd454272de1e26bd5998c98b8e57f98e5cbffa3d2d601f194f

Download Submit
memory/864-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/864-56-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/864-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2436-68-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2436-70-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download