55d250671490f644a13fcee3a7ee7087c2dc83d6fcfc3752fca77eec2c531d6f

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eba3ea66c01addc945cb3e7c0f9f399a.exe
Size

71KB
MD5

eba3ea66c01addc945cb3e7c0f9f399a
SHA1

c4df5c01b6b5644a3096e2dfa89d4cf6eceee5f4
SHA256

55d250671490f644a13fcee3a7ee7087c2dc83d6fcfc3752fca77eec2c531d6f
SHA512

e4001512078bf465c6bb5f62a2c2804af210a8337a0c81b42e1724cb20b2c65938c6025fe77f89fb744753ac91e8b46ae4b517d4de8e6801b2f4fe5c63222559
SSDEEP

1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1R:X6a+SOtEvwDpjBZYvQd2R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2704	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	eba3ea66c01addc945cb3e7c0f9f399a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2704	2184	eba3ea66c01addc945cb3e7c0f9f399a.exe	19
PID 2184 wrote to memory of 2704	2184	eba3ea66c01addc945cb3e7c0f9f399a.exe	19
PID 2184 wrote to memory of 2704	2184	eba3ea66c01addc945cb3e7c0f9f399a.exe	19
PID 2184 wrote to memory of 2704	2184	eba3ea66c01addc945cb3e7c0f9f399a.exe	19

C:\Users\Admin\AppData\Local\Temp\eba3ea66c01addc945cb3e7c0f9f399a.exe
"C:\Users\Admin\AppData\Local\Temp\eba3ea66c01addc945cb3e7c0f9f399a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
71KB

MD5
ca9b44842c412a333c3d25fe3df08f5e

SHA1
14dc898426b7a2f1588a998862251d5a17a1c865

SHA256
e97819525fd00ff1f19c71ab8e63d07bd2ef281b6a9e516ab56b7f3a46e8f41d

SHA512
5f84e8b54a15940c99e66f05dec2a6748d0336a0fb47371d105560bb4892a525d2550de3ea4f253c5a72301b1c5390011f23628da11615094e3aabd65bb743c6

Download Submit
memory/2184-5-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2184-1-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2184-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2704-22-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2704-15-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download