382dbb2ef5f54e3735817318b680935e068749651f702213ab3edfb7842115fd

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

772e5f453fa9373d39f023d7c38e6b38.exe
Size

54KB
MD5

772e5f453fa9373d39f023d7c38e6b38
SHA1

6e80a1283ec85c129ad355942faa3bdd7a00b4dd
SHA256

382dbb2ef5f54e3735817318b680935e068749651f702213ab3edfb7842115fd
SHA512

e3f6aa11fea7b3d3b7ee4569f283ad13e0625afb996a3cb5c7d1120fdb0d4dee08b65dda72b51e5b1994576e2b3593bc355721162429132b5503a8d83b9d5e0f
SSDEEP

1536:nnuJMdwyV/iPs3mFmIW8VWE46Csg5kl+BxIMmGpvHe:nuewEqPpFDWJ/6CsgJBWMV+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

asas.exe

pid process

2648 asas.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2648	asas.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

772e5f453fa9373d39f023d7c38e6b38.exe

description	pid	process	target process
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	asas.exe
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	asas.exe
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	asas.exe
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	asas.exe

C:\Users\Admin\AppData\Local\Temp\772e5f453fa9373d39f023d7c38e6b38.exe
"C:\Users\Admin\AppData\Local\Temp\772e5f453fa9373d39f023d7c38e6b38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300

C:\Users\Admin\AppData\Local\Temp\asas.exe
"C:\Users\Admin\AppData\Local\Temp\asas.exe"
2⤵
- Executes dropped EXE
PID:2648

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asas.exe
Filesize
93KB

MD5
b77565adf9b732f006ed6e3d78354f9d

SHA1
3938f0e986a719cc1377d7b890273ab16e91d2e6

SHA256
00fce42de773e6bbf2df35407de25dfa61a9c52b00b0431298aad00bc557c472

SHA512
f2261184e2b5088fbf2ffe9883cdf05dc8c48e806567bc0a2c8ed435a110dc7229bd6dae39aad885319d45143048eb3290b917a2e3887bbed2d292e30ebff2f9

Download Submit
memory/2300-0-0x0000000000DE0000-0x0000000000DF4000-memory.dmp

Filesize
80KB

Download
memory/2300-1-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2300-2-0x000000001AA30000-0x000000001AAB0000-memory.dmp

Filesize
512KB

Download
memory/2300-11-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download