1e43f4556497992a2071beecea115c25710078726b75765b517fa26dde338d0b

Analysis

max time kernel
150s
max time network
157s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 02:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b60dbf694d29792d1e3c2afc9355a70.exe
Size

40KB
MD5

9b60dbf694d29792d1e3c2afc9355a70
SHA1

18dcb3d7b5593186ec42856d807928ad7dc7c3ed
SHA256

1e43f4556497992a2071beecea115c25710078726b75765b517fa26dde338d0b
SHA512

df8d7a848719d492ef7cc05628fdd623e05b1d17c8ed747811a32f77088ec430670e233f2d8aee4261fae1beea7de660cf76366cd741deeca3600a250792caee
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvhx5/xFRz:m5nkFNMOtEvwDpjG8hhXx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2540	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	9b60dbf694d29792d1e3c2afc9355a70.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2540	2188	9b60dbf694d29792d1e3c2afc9355a70.exe	28
PID 2188 wrote to memory of 2540	2188	9b60dbf694d29792d1e3c2afc9355a70.exe	28
PID 2188 wrote to memory of 2540	2188	9b60dbf694d29792d1e3c2afc9355a70.exe	28
PID 2188 wrote to memory of 2540	2188	9b60dbf694d29792d1e3c2afc9355a70.exe	28

C:\Users\Admin\AppData\Local\Temp\9b60dbf694d29792d1e3c2afc9355a70.exe
"C:\Users\Admin\AppData\Local\Temp\9b60dbf694d29792d1e3c2afc9355a70.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
40KB

MD5
1491e87bcb5361cd47ec48619dd4ba3b

SHA1
44ebc5209ee373358a6795e415c1a0888d031d90

SHA256
82b1d552f009739aa1bc766ee479f4595495ba5dc78863e30f12cfe68b597021

SHA512
99fefe2c6bee12c04e491857ec74124470d969dc00be8dc5e2ef9df942e824994ac26c512c8185d341665283e23b07f120fd90b3cbdcc8cce7746380ec5366a5

Download Submit
memory/2188-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2188-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2188-2-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2188-4-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2188-12-0x0000000002700000-0x000000000270E000-memory.dmp

Filesize
56KB

Download
memory/2188-16-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2540-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2540-19-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2540-26-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download