Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 11/03/2024, 02:57
Static task: static1
Behavioral task: behavioral1
  Sample: bd8d336710cbf212a9627eb20389d134.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bd8d336710cbf212a9627eb20389d134.exe
  Resource: win10v2004-20240226-en
General
- Target: bd8d336710cbf212a9627eb20389d134.exe
- Size: 98KB
- MD5: bd8d336710cbf212a9627eb20389d134
- SHA1: c709f7feaeca83c32397a389fff5aa6c1209cb4f
- SHA256: 4dabbababa38207a2ceda09c3ff496b5710fe83ee87bdd3ecfa5203cda719136
- SHA512: 0b8bf28d027c81739fd6216f1c99b3f961a0569aa721f7695864be80a9cabfd4fc845ce3db2003e47dcdabd17409f37cec85c587fe0447a057c11aa2c0825292
- SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgpYa:V6a+pOtEvwDpjtzA
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2208 | asih.exe
- Loads dropped DLL (1 IoC)
  pid | Process
  2940 | bd8d336710cbf212a9627eb20389d134.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2940 wrote to memory of 2208 | 2940 | bd8d336710cbf212a9627eb20389d134.exe | 28
  PID 2940 wrote to memory of 2208 | 2940 | bd8d336710cbf212a9627eb20389d134.exe | 28
  PID 2940 wrote to memory of 2208 | 2940 | bd8d336710cbf212a9627eb20389d134.exe | 28
  PID 2940 wrote to memory of 2208 | 2940 | bd8d336710cbf212a9627eb20389d134.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\bd8d336710cbf212a9627eb20389d134.exe (PID 2940)
   Command line: "C:\Users\Admin\AppData\Local\Temp\bd8d336710cbf212a9627eb20389d134.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 2208, level 2 under PID 2940)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 98KB
  MD5: 6b2a61aa3ce956a8f038d0660262bad9
  SHA1: f399dc009b2954e7d1c13f380bc26548cf4630c5
  SHA256: a90e0f270e70684fb4540011ac5d1f92c76adceea10560b23439c1a79e9b48d5
  SHA512: 56b5b5beadbfa8df3f39059ae60664a5c523efb66bfa2bf1eb79c993dfd95876f2d19380a6311ffeb4b67763d5ffe8aab5ba885e5a2a29a49baf4c500a2c1a04