8a91b3169c23295182c44fe645d5e3f6575f97150494acb338a7564b87bea3d2

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7d19dcd3d7cf31724e2a3a964e190ce.exe
Size

47KB
MD5

a7d19dcd3d7cf31724e2a3a964e190ce
SHA1

31ecaebe8aabfd9276f58fc8060abbc2908d706f
SHA256

8a91b3169c23295182c44fe645d5e3f6575f97150494acb338a7564b87bea3d2
SHA512

0bed238c01ba482f53e94d75d4a6322cb46ae582e25e733f780a93d537a64f36c859a2cf72efd0861fdbec0324254e846cfa01f1d2dc6609ad78fc79e90c274d
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLaHaMMm2X30E3alsv:V6QFElP6n+gMQMOtEvwDpjyaHaXmlE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1948	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2484	a7d19dcd3d7cf31724e2a3a964e190ce.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1948	2484	a7d19dcd3d7cf31724e2a3a964e190ce.exe	28
PID 2484 wrote to memory of 1948	2484	a7d19dcd3d7cf31724e2a3a964e190ce.exe	28
PID 2484 wrote to memory of 1948	2484	a7d19dcd3d7cf31724e2a3a964e190ce.exe	28
PID 2484 wrote to memory of 1948	2484	a7d19dcd3d7cf31724e2a3a964e190ce.exe	28

C:\Users\Admin\AppData\Local\Temp\a7d19dcd3d7cf31724e2a3a964e190ce.exe
"C:\Users\Admin\AppData\Local\Temp\a7d19dcd3d7cf31724e2a3a964e190ce.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
47KB

MD5
e964eaa8c37b3a0f55d363e983cedd56

SHA1
0813f11de703d02a2c0841c1407514566d61400d

SHA256
1a77f7ed4c56ac43675046455e4bc4779c6e8406d33ec36ba8b4f04b20729d68

SHA512
a30e292a78679c90e362c2b54bab619ed999a189ba8bd3b1a9ad7ed0336b7a8805b19e7b2198612ee6be4d110c26354da25de9487771bdb065cf4fd1e40a9806

Download Submit
memory/1948-15-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/1948-17-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2484-0-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2484-1-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/2484-2-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download