bbd9c7fed455d75cf63718e0a73dd0933f7de7890b8900ce389c2edb5e20c122

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/07/2023, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_20c67835238a6cexeexe_JC.exe
Size

62KB
MD5

20c67835238a6c352703bdca92d92013
SHA1

60e7a3f2affa324503628b5faea4fd008d57a763
SHA256

bbd9c7fed455d75cf63718e0a73dd0933f7de7890b8900ce389c2edb5e20c122
SHA512

537bf2babb32ba37e400430de18f6b8e7c68982c0ffab9c1f59d4b84dc98d7f0fc06d49103419e35297215fa817038e3c60411cde7154ddf10304c3fca70bace
SSDEEP

1536:vj+jsMQMOtEvwDpj5HyCyh7vtRJ4BqKb1cKtbCr:vCjsIOtEvwDpj5Hv03

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2564	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	NA_NA_20c67835238a6cexeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2564	2184	NA_NA_20c67835238a6cexeexe_JC.exe	28
PID 2184 wrote to memory of 2564	2184	NA_NA_20c67835238a6cexeexe_JC.exe	28
PID 2184 wrote to memory of 2564	2184	NA_NA_20c67835238a6cexeexe_JC.exe	28
PID 2184 wrote to memory of 2564	2184	NA_NA_20c67835238a6cexeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_20c67835238a6cexeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_20c67835238a6cexeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
62KB

MD5
24dcd2803cd966707f2e3dd2ed171cb6

SHA1
aa14cc47df43ded333056bb2759bee96975e8c60

SHA256
abd5214d9eaab69258c2f271da3f8ec1a87ea94afd80802a53b6939a22431a71

SHA512
d908a74c2017ae870b08707443f4d100dcb88dff7069f066ba71106ee8d748826a234d497ea134711ae425e948c2e89e73be1cf8b3ac69d10ae9f3734649858b

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
62KB

MD5
24dcd2803cd966707f2e3dd2ed171cb6

SHA1
aa14cc47df43ded333056bb2759bee96975e8c60

SHA256
abd5214d9eaab69258c2f271da3f8ec1a87ea94afd80802a53b6939a22431a71

SHA512
d908a74c2017ae870b08707443f4d100dcb88dff7069f066ba71106ee8d748826a234d497ea134711ae425e948c2e89e73be1cf8b3ac69d10ae9f3734649858b

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
62KB

MD5
24dcd2803cd966707f2e3dd2ed171cb6

SHA1
aa14cc47df43ded333056bb2759bee96975e8c60

SHA256
abd5214d9eaab69258c2f271da3f8ec1a87ea94afd80802a53b6939a22431a71

SHA512
d908a74c2017ae870b08707443f4d100dcb88dff7069f066ba71106ee8d748826a234d497ea134711ae425e948c2e89e73be1cf8b3ac69d10ae9f3734649858b

Download Submit
memory/2184-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2184-55-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2184-57-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2564-69-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download
memory/2564-70-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download