9378bc2e5d80eda2ad83d562b10040870e7dca725f6644520494392f585e964f

Analysis

max time kernel
142s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8e472c2922fb98a0f41809125360ea5.exe
Size

44KB
MD5

b8e472c2922fb98a0f41809125360ea5
SHA1

e48f04e50e656e18275deee7c65157a85716db7f
SHA256

9378bc2e5d80eda2ad83d562b10040870e7dca725f6644520494392f585e964f
SHA512

99c838b8dea0a56c11e5c1eb0e468731e469c551fd4b65a811ad007c5bc87b1ab175ab97ee3f8d986b0149fdd0f63b61d3e0cd1faf7d9387ac9cfae90b73076f
SSDEEP

768:79inqyNR/QtOOtEvwDpjBKccJVODvcjpbA6q9R:79mqyNhQMOtEvwDpjBzck96U

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2424	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
760	b8e472c2922fb98a0f41809125360ea5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2424	760	b8e472c2922fb98a0f41809125360ea5.exe	28
PID 760 wrote to memory of 2424	760	b8e472c2922fb98a0f41809125360ea5.exe	28
PID 760 wrote to memory of 2424	760	b8e472c2922fb98a0f41809125360ea5.exe	28
PID 760 wrote to memory of 2424	760	b8e472c2922fb98a0f41809125360ea5.exe	28

C:\Users\Admin\AppData\Local\Temp\b8e472c2922fb98a0f41809125360ea5.exe
"C:\Users\Admin\AppData\Local\Temp\b8e472c2922fb98a0f41809125360ea5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:760
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
fb9294ae0a35cb1c5fdffde14e23176a

SHA1
81dfcc1d9f4d9b50ebca3394839505983d453c57

SHA256
8098949a20d9ed2fafef975ffe1948fd07fc123a9fc8fcc33ff794b487b1a128

SHA512
bd91b2570d441b6e04be154225c20ba091c01f7e6a9736d42ff136035609635415669e4160930f822bc6f6321cb9b023bf09acbd22c2ebf0e0bffe5e5f3745c8

Download Submit
memory/760-1-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/760-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/760-2-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/760-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/760-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2424-16-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2424-18-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2424-19-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download