5dc20acbce6cd5460af55fa4f42f981342ddd04fd6cec24862f9fc49635663a5

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe
Size

78KB
MD5

dd7dbbb8e68a1a1bbd32a73eb8e19a6a
SHA1

6e8a01c8206278b9d77bc8b631582a36d7f027e4
SHA256

5dc20acbce6cd5460af55fa4f42f981342ddd04fd6cec24862f9fc49635663a5
SHA512

fc64520fdc6fdf8522ad877845cb146c0b8892b949cf42cc80ec410a7dd98974ac7781a95ad893e7ff3cd84cf3c8cc0cfbefca06a0bba2718f58d8e44c3782e0
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIufL+3L:vCjsIOtEvwDpj5H9YvQd2Y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2172	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3036	dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2172	3036	dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe	28
PID 3036 wrote to memory of 2172	3036	dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe	28
PID 3036 wrote to memory of 2172	3036	dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe	28
PID 3036 wrote to memory of 2172	3036	dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe	28

C:\Users\Admin\AppData\Local\Temp\dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe
"C:\Users\Admin\AppData\Local\Temp\dd7dbbb8e68a1a1bbd32a73eb8e19a6a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
78KB

MD5
4ff0fb95d1228317b665d88c5266d192

SHA1
2a8375218df861c3be3e00d23edf5242b40f1942

SHA256
846d609bd409f42ec34e8dc97968810eb80fc8237a03e32ce0acd36c3760d107

SHA512
d38d45dd522ad9614436f97d9f01246548c6994562a23962601a26a7c3fcca2fce0fbace279fcfccac20b7387dff03b75d8e3a35965f630d6dc6d72082b5dd67

Download Submit
memory/2172-16-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2172-15-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/3036-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3036-1-0x00000000004B0000-0x00000000004B6000-memory.dmp

Filesize
24KB

Download
memory/3036-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download