f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 20:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe
Size

60KB
MD5

f863f4221df383bedae04f09a47409f9
SHA1

5c07d166c4aabdfa8b20646f8eb71066840507ac
SHA256

f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb
SHA512

c45cebfbc08ad73ec8e8e4237981bb8dcab5f22e66fdf2598b0eb8302ec344923e986ff1752cea32e0d4e28370a63472ac8f475e617338dd636641e8976b6fe1
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3hvLcbUF:ZVxkGOtEvwDpjcawy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2332	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1100	NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2332	1100	NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe	28
PID 1100 wrote to memory of 2332	1100	NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe	28
PID 1100 wrote to memory of 2332	1100	NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe	28
PID 1100 wrote to memory of 2332	1100	NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f15674b5e73ba035d0778d23dd0b4d6b6874594e2fdcda54219833a94e6d91bb_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
61KB

MD5
9fe634acb1ec859d01a7e26ba532d12a

SHA1
149d21e385c7ec1d5c376205bac9634516d23370

SHA256
1afa8dd3cf994a24d79af6cdde343896ab980775d61232794a1558eefca45849

SHA512
bee5c27b4e6b6a89464c020854dbefb6eaca17132d1d16762e1489bf4d030dba44865183cec1d0387429803abe93fe4876aa78d6666df5b4f86f7d58a31799a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
61KB

MD5
9fe634acb1ec859d01a7e26ba532d12a

SHA1
149d21e385c7ec1d5c376205bac9634516d23370

SHA256
1afa8dd3cf994a24d79af6cdde343896ab980775d61232794a1558eefca45849

SHA512
bee5c27b4e6b6a89464c020854dbefb6eaca17132d1d16762e1489bf4d030dba44865183cec1d0387429803abe93fe4876aa78d6666df5b4f86f7d58a31799a9

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
61KB

MD5
9fe634acb1ec859d01a7e26ba532d12a

SHA1
149d21e385c7ec1d5c376205bac9634516d23370

SHA256
1afa8dd3cf994a24d79af6cdde343896ab980775d61232794a1558eefca45849

SHA512
bee5c27b4e6b6a89464c020854dbefb6eaca17132d1d16762e1489bf4d030dba44865183cec1d0387429803abe93fe4876aa78d6666df5b4f86f7d58a31799a9

Download Submit
memory/1100-0-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/1100-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1100-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1100-3-0x0000000001C90000-0x0000000001C96000-memory.dmp

Filesize
24KB

Download
memory/2332-15-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2332-17-0x0000000001CD0000-0x0000000001CD6000-memory.dmp

Filesize
24KB

Download
memory/2332-18-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download