82de18133e789046cb8bc97c723409283e76ab2a35d07fae0b13dfd2a2c3cf1f

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72d7cca0da79c8dabe8089307a09f409.exe
Size

42KB
MD5

72d7cca0da79c8dabe8089307a09f409
SHA1

4ba32fab2e0647d01f748dbaf5acce515f02b02d
SHA256

82de18133e789046cb8bc97c723409283e76ab2a35d07fae0b13dfd2a2c3cf1f
SHA512

33fccd52bba39afaf37f6a74bf1de7790f2d3626480c8f758702299cc863b48ae338e2db9e7eb6a26197d1ef8316d7a8b6b4ffd2962cf06c99ed844cc6f63735
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPhqlcnvk:6j+1NMOtEvwDpjr8hk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1712	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2792	72d7cca0da79c8dabe8089307a09f409.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 1712	2792	72d7cca0da79c8dabe8089307a09f409.exe	28
PID 2792 wrote to memory of 1712	2792	72d7cca0da79c8dabe8089307a09f409.exe	28
PID 2792 wrote to memory of 1712	2792	72d7cca0da79c8dabe8089307a09f409.exe	28
PID 2792 wrote to memory of 1712	2792	72d7cca0da79c8dabe8089307a09f409.exe	28

C:\Users\Admin\AppData\Local\Temp\72d7cca0da79c8dabe8089307a09f409.exe
"C:\Users\Admin\AppData\Local\Temp\72d7cca0da79c8dabe8089307a09f409.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
43KB

MD5
61aceea9803d4c9e8510a61e772b33a6

SHA1
fc67644bdfb095e8af145ef82cbdb42867b2d4b7

SHA256
d21a2718044cce5b4bf04c09b68af435a452b900bbeb3751d7feea5263f1e92e

SHA512
5eb92ff4e8b37789dfc42b9761fa3ebe9a145dd0457d8418381d3223e304728a3907beee80ac7c097ddd11ccd15770eead1ecab2b4eb8fe21b1d642931c0d968

Download Submit
memory/1712-16-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1712-18-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1712-20-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1712-26-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2792-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2792-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2792-2-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2792-9-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2792-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download