03da2459dc3d3e6381341353bf9f0f5220e9e351bbbe94938e5a7e0dab64d6f8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-02-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d94d652a24dbe5efd119419319309ee.exe
Size

76KB
MD5

0d94d652a24dbe5efd119419319309ee
SHA1

c717cf7a9602c8bb51d5f01a0f05fc9cfae1a27f
SHA256

03da2459dc3d3e6381341353bf9f0f5220e9e351bbbe94938e5a7e0dab64d6f8
SHA512

56cc0f0a241bcb5368cce80040f6d58bf1604fb77d4e71996c0f0c0587c9475dfb1b0940e0a62868e1acf31df980167daf3460a1e64aa66d577cb75f09610894
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIufo:vCjsIOtEvwDpj5H9YvQd28

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1888	0d94d652a24dbe5efd119419319309ee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2004	1888	0d94d652a24dbe5efd119419319309ee.exe	28
PID 1888 wrote to memory of 2004	1888	0d94d652a24dbe5efd119419319309ee.exe	28
PID 1888 wrote to memory of 2004	1888	0d94d652a24dbe5efd119419319309ee.exe	28
PID 1888 wrote to memory of 2004	1888	0d94d652a24dbe5efd119419319309ee.exe	28

C:\Users\Admin\AppData\Local\Temp\0d94d652a24dbe5efd119419319309ee.exe
"C:\Users\Admin\AppData\Local\Temp\0d94d652a24dbe5efd119419319309ee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
76KB

MD5
89abd8c9b62dc3481aeeef5053dd505d

SHA1
fe18a30169467f6b2c1e9719ff07836b770132b2

SHA256
ed7719eecf9a99ead0936cf2dfdffd4eeb97914243d53e7d13d4084b922e145b

SHA512
c1ac0fa49d9994489e10041706e7ccbb8a00ae0cbc9f5ef3e510cbd8a4216adf21faaa61fa8bc5c93fd881e3455b6d3ffd26df2542d9202c2e3bdbdd263df652

Download Submit
memory/1888-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1888-1-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/1888-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2004-16-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2004-15-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download