c2ed76e4e55d68416bc1ad04d12e348f8cc7126873904a8168830771cf1810ef

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0620eb549ecaa7ac5c13e3fea9b92e4e.exe
Size

116KB
MD5

0620eb549ecaa7ac5c13e3fea9b92e4e
SHA1

90cfcf4fb22c59f170b9a8325d678639f7cc8edc
SHA256

c2ed76e4e55d68416bc1ad04d12e348f8cc7126873904a8168830771cf1810ef
SHA512

7b05e16e7a42022dbb1d9459459e7b7e294244639dced94ccce92c4fd15311728e60ec9ab6e8f5d68deeeb79a47b47bdbd2ec7ae88a241e4c72e8d27b8111c4b
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjCGYQbN/PKwNgerar/cH:T6a+rdOOtEvwDpjLz1

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2708	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2344	0620eb549ecaa7ac5c13e3fea9b92e4e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2344-14-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b00000001226e-11.dat	upx
behavioral1/memory/2708-16-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2708-26-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2708	2344	0620eb549ecaa7ac5c13e3fea9b92e4e.exe	28
PID 2344 wrote to memory of 2708	2344	0620eb549ecaa7ac5c13e3fea9b92e4e.exe	28
PID 2344 wrote to memory of 2708	2344	0620eb549ecaa7ac5c13e3fea9b92e4e.exe	28
PID 2344 wrote to memory of 2708	2344	0620eb549ecaa7ac5c13e3fea9b92e4e.exe	28

C:\Users\Admin\AppData\Local\Temp\0620eb549ecaa7ac5c13e3fea9b92e4e.exe
"C:\Users\Admin\AppData\Local\Temp\0620eb549ecaa7ac5c13e3fea9b92e4e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
116KB

MD5
dbcc79cb89c12cd94def06086e52d89e

SHA1
43a4a8bfb34fc1ed1c5ae54fb2143090d8b986bc

SHA256
f5347229adb5026ef16f276403beb3d09016c625a63d1718cd1020043215cd1e

SHA512
181b10925df1fe255f63fa4496ea71e744cb290e479275591d98ceb98d4bd5bdcf4bd034250ff3660aecbfe422e85b461fce7455660a8d12873cf4902d26ce1b

Download Submit
memory/2344-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2344-1-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2344-2-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2344-3-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2344-14-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2708-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2708-19-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2708-18-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2708-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download