18dbf64b96b8be6ed88d15b31d7bb7b9c4f87c9574f72a3f2467f316fc0c9232

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b47313444be92a23156cf6e9819c020.exe
Size

52KB
MD5

8b47313444be92a23156cf6e9819c020
SHA1

26d6261f73c5181a4af08627603771c6a1fea8d2
SHA256

18dbf64b96b8be6ed88d15b31d7bb7b9c4f87c9574f72a3f2467f316fc0c9232
SHA512

d445ca41de3a35c708b384c1b6c7ac123894e3aac645ba1eb57323fbec5da5d2e6c411e0ffe8aa1493af560db2df632d56a54adb7b094042b4a779e5fa7e1d5f
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt5QJz7o:6j+1NMOtEvwDpjr8oxES

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2032	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	8b47313444be92a23156cf6e9819c020.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2032	2800	8b47313444be92a23156cf6e9819c020.exe	28
PID 2800 wrote to memory of 2032	2800	8b47313444be92a23156cf6e9819c020.exe	28
PID 2800 wrote to memory of 2032	2800	8b47313444be92a23156cf6e9819c020.exe	28
PID 2800 wrote to memory of 2032	2800	8b47313444be92a23156cf6e9819c020.exe	28

C:\Users\Admin\AppData\Local\Temp\8b47313444be92a23156cf6e9819c020.exe
"C:\Users\Admin\AppData\Local\Temp\8b47313444be92a23156cf6e9819c020.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
52KB

MD5
f1212bde5986a26467a5043e11bf28d9

SHA1
735e26ff46cf059c2bceb8cf3a4720838bff6e5e

SHA256
73116ff81cbe870343b01a46f222b58546636a3384053f85d65a1ab847cbcdd5

SHA512
a198ce5c6430034a07614bdd109008321439ea7790dca79ffa04914e12882977484f63853443b956f47a721ee5fbd7ef846df5c400b210895f9b1152e5babab6

Download Submit
memory/2032-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2032-18-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2032-25-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2800-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2800-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2800-3-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2800-2-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2800-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download