d7321d9a5396e97d700ac85ee75430913109028fd84178623717f570ec92d904

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe95f0c46887eac158a1fed2af911a1b.exe
Size

38KB
MD5

fe95f0c46887eac158a1fed2af911a1b
SHA1

e5b0673dc3bbe7a70af46dcde77074a52f7f2617
SHA256

d7321d9a5396e97d700ac85ee75430913109028fd84178623717f570ec92d904
SHA512

152e91f5a8d81c6b72c36eee310efd0cb3a2c8845e9222ae5c8e78133bc3c4f5c3414ca604ab8432d8b8b1373e721833129655d5471cb564a3df87566531e58d
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HKcf0:X6QFElP6n+gJQMOtEvwDpjBsYK60

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2676	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	fe95f0c46887eac158a1fed2af911a1b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2676	2760	fe95f0c46887eac158a1fed2af911a1b.exe	28
PID 2760 wrote to memory of 2676	2760	fe95f0c46887eac158a1fed2af911a1b.exe	28
PID 2760 wrote to memory of 2676	2760	fe95f0c46887eac158a1fed2af911a1b.exe	28
PID 2760 wrote to memory of 2676	2760	fe95f0c46887eac158a1fed2af911a1b.exe	28

C:\Users\Admin\AppData\Local\Temp\fe95f0c46887eac158a1fed2af911a1b.exe
"C:\Users\Admin\AppData\Local\Temp\fe95f0c46887eac158a1fed2af911a1b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
38KB

MD5
3b294c214a2c0e4fc325d0b645a2477c

SHA1
45b78befc5305b35924b1edae8e9215352a5603f

SHA256
ba3383058eab96e76d4f997f489cf700efe7ad2cd5dba41d5125a5032df33dd2

SHA512
28441f205212e31e3a6ea545c5dbff2295c9e5201d256cf017f88f137230d056b54fb985f507854fcd4a601577950ba349b2ea74afdfc3d6a3cacc1ea559589f

Download Submit
memory/2676-15-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2676-17-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2760-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2760-1-0x00000000003F0000-0x00000000003F6000-memory.dmp

Filesize
24KB

Download
memory/2760-3-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download