382dbb2ef5f54e3735817318b680935e068749651f702213ab3edfb7842115fd

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

772e5f453fa9373d39f023d7c38e6b38.exe
Size

54KB
MD5

772e5f453fa9373d39f023d7c38e6b38
SHA1

6e80a1283ec85c129ad355942faa3bdd7a00b4dd
SHA256

382dbb2ef5f54e3735817318b680935e068749651f702213ab3edfb7842115fd
SHA512

e3f6aa11fea7b3d3b7ee4569f283ad13e0625afb996a3cb5c7d1120fdb0d4dee08b65dda72b51e5b1994576e2b3593bc355721162429132b5503a8d83b9d5e0f
SSDEEP

1536:nnuJMdwyV/iPs3mFmIW8VWE46Csg5kl+BxIMmGpvHe:nuewEqPpFDWJ/6CsgJBWMV+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	asas.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	28
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	28
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	28
PID 2300 wrote to memory of 2648	2300	772e5f453fa9373d39f023d7c38e6b38.exe	28

C:\Users\Admin\AppData\Local\Temp\772e5f453fa9373d39f023d7c38e6b38.exe
"C:\Users\Admin\AppData\Local\Temp\772e5f453fa9373d39f023d7c38e6b38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Users\Admin\AppData\Local\Temp\asas.exe
  "C:\Users\Admin\AppData\Local\Temp\asas.exe"
  2⤵
  - Executes dropped EXE
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asas.exe

Filesize
93KB

MD5
b77565adf9b732f006ed6e3d78354f9d

SHA1
3938f0e986a719cc1377d7b890273ab16e91d2e6

SHA256
00fce42de773e6bbf2df35407de25dfa61a9c52b00b0431298aad00bc557c472

SHA512
f2261184e2b5088fbf2ffe9883cdf05dc8c48e806567bc0a2c8ed435a110dc7229bd6dae39aad885319d45143048eb3290b917a2e3887bbed2d292e30ebff2f9

Download Submit
memory/2300-0-0x0000000000DE0000-0x0000000000DF4000-memory.dmp

Filesize
80KB

Download
memory/2300-1-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2300-2-0x000000001AA30000-0x000000001AAB0000-memory.dmp

Filesize
512KB

Download
memory/2300-11-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download