bb944ea475b2e15df885170bfcd27c6923df38c4e0818354f6799a5360acfc74

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d22f098516215884c0d785866403c45a.exe
Size

47KB
MD5

d22f098516215884c0d785866403c45a
SHA1

0ae28d2fcf7e012b40d9470d05a03a6cf9f1a48f
SHA256

bb944ea475b2e15df885170bfcd27c6923df38c4e0818354f6799a5360acfc74
SHA512

f5941ee0be01b33b4b9d5c9db2c75fae70ab3ce418bf5095b057876ad6b6c9d8cca3d2e408f3cf1a49a1b0e1ce3e47d0cc6758f9e3c81c69a493ef0c8ac90c0f
SSDEEP

384:icX+ni9VCr5nQI021q4VQBqURYp055TOtOOtEvwDpjqIGR/hHi7/OlI0G/74zpzQ:XS5nQJ24LR1bytOOtEvwDpjNbP/0Gek

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2712	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	d22f098516215884c0d785866403c45a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2712	2332	d22f098516215884c0d785866403c45a.exe	28
PID 2332 wrote to memory of 2712	2332	d22f098516215884c0d785866403c45a.exe	28
PID 2332 wrote to memory of 2712	2332	d22f098516215884c0d785866403c45a.exe	28
PID 2332 wrote to memory of 2712	2332	d22f098516215884c0d785866403c45a.exe	28

C:\Users\Admin\AppData\Local\Temp\d22f098516215884c0d785866403c45a.exe
"C:\Users\Admin\AppData\Local\Temp\d22f098516215884c0d785866403c45a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
48KB

MD5
bbcec2b4c1d5c565c0ba8f444f0ecca8

SHA1
dfc022a92f2b2f05647b4b83f2cdcde3125aa9cb

SHA256
ab7beea79bf4a38b4e7218d98ca2708dbf01d5d10f28ef543ec8026e89f670d1

SHA512
f15ce7b89553e4250744a1baf03688c86161b86d1af98b9fe8df6c07ba1b495fad571263082ec4b90acb571d9fa5f716197addc352ddde4b2190d1e57b0d5f53

Download Submit
memory/2332-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2332-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2332-3-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2332-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2332-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2332-16-0x00000000006E0000-0x00000000006EF000-memory.dmp

Filesize
60KB

Download
memory/2332-28-0x00000000006E0000-0x00000000006EF000-memory.dmp

Filesize
60KB

Download
memory/2712-19-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2712-18-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2712-26-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download