867c9b42c384c8d42d7fed1955daa38a0d5ca50091ef03db71590ebdba514317

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/07/2023, 18:15 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_2204e12da11c87exeexe_JC.exe
Size

79KB
MD5

2204e12da11c87dd0cc3ce7f3245befb
SHA1

369c27923324397b0092bfd4110bd5feae76083b
SHA256

867c9b42c384c8d42d7fed1955daa38a0d5ca50091ef03db71590ebdba514317
SHA512

16116f9dbada4c35f7b8813fcf61ce6fdfbbdf65b1a119fcd552cc51c73442cf02bed3dad822789a14191c582f257ef9ac72fdb9c857a3daa91eb10c49a11c0e
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRXrZSUfFKazNc8wG6Dyjn:i5nkFGMOtEvwDpjNbwQEI8UtzNc8wu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2848	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2448	NA_NA_2204e12da11c87exeexe_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2848	2448	NA_NA_2204e12da11c87exeexe_JC.exe	28
PID 2448 wrote to memory of 2848	2448	NA_NA_2204e12da11c87exeexe_JC.exe	28
PID 2448 wrote to memory of 2848	2448	NA_NA_2204e12da11c87exeexe_JC.exe	28
PID 2448 wrote to memory of 2848	2448	NA_NA_2204e12da11c87exeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_2204e12da11c87exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_2204e12da11c87exeexe_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2848

Network

DNS

bestccc.com

misid.exe

Remote address:

8.8.8.8:53

Request

bestccc.com

IN A

Response

bestccc.com

IN A

103.14.121.240

103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
172 B
4
4
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

152 B
3
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
172 B
4
4
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
259 B
5
6
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
92 B
4
2
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
219 B
5
5
103.14.121.240:443

bestccc.com

misid.exe

190 B
132 B
4
3
103.14.121.240:443

bestccc.com

tls

misid.exe

392 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

354 B
219 B
5
5
103.14.121.240:443

bestccc.com

tls

misid.exe

288 B
179 B
5
4
103.14.121.240:443

bestccc.com

misid.exe

52 B
1
103.14.121.240:443

misid.exe

8.8.8.8:53

bestccc.com

dns

misid.exe

57 B
73 B
1
1

DNS Request

bestccc.com

DNS Response

103.14.121.240

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
a0b09697cf57a98d7671a2ccee41daf0

SHA1
40d70a78d3ae4e8d277af6230be8d329621f2ec6

SHA256
e2ab9f21c40f159a2bd1d4cf9d0b61f553435397598783f41b214f6d24d3f16d

SHA512
5db4d320dca80ff796b48c24686d4ffb05e8e4ac0862eb275ccce89d22ea7cae99eacefcda77c73bc7d832a356afeb4dbd8605ae5c378dc48d609693404b7d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
a0b09697cf57a98d7671a2ccee41daf0

SHA1
40d70a78d3ae4e8d277af6230be8d329621f2ec6

SHA256
e2ab9f21c40f159a2bd1d4cf9d0b61f553435397598783f41b214f6d24d3f16d

SHA512
5db4d320dca80ff796b48c24686d4ffb05e8e4ac0862eb275ccce89d22ea7cae99eacefcda77c73bc7d832a356afeb4dbd8605ae5c378dc48d609693404b7d6f

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
a0b09697cf57a98d7671a2ccee41daf0

SHA1
40d70a78d3ae4e8d277af6230be8d329621f2ec6

SHA256
e2ab9f21c40f159a2bd1d4cf9d0b61f553435397598783f41b214f6d24d3f16d

SHA512
5db4d320dca80ff796b48c24686d4ffb05e8e4ac0862eb275ccce89d22ea7cae99eacefcda77c73bc7d832a356afeb4dbd8605ae5c378dc48d609693404b7d6f

Download Submit
memory/2448-58-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2448-54-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2448-69-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2448-56-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2448-67-0x0000000001F70000-0x0000000001F7F000-memory.dmp

Filesize
60KB

Download
memory/2448-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2448-81-0x0000000001F70000-0x0000000001F7F000-memory.dmp

Filesize
60KB

Download
memory/2848-71-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2848-74-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2848-73-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2848-82-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download