092f0e970f4830a8b5b2705bf572c478993f3c4a974accd71a3b21d64559ae1a

Analysis

max time kernel
142s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3067d007b70614dccb5663d8febae43.exe
Size

43KB
MD5

a3067d007b70614dccb5663d8febae43
SHA1

78be8cf5ff73b12021d6d93f90603a377a5178b3
SHA256

092f0e970f4830a8b5b2705bf572c478993f3c4a974accd71a3b21d64559ae1a
SHA512

29183b0eda0c8ddaf610ca6bcd4f72b11941cd9a491d1f37de0395936871a037ddaeb41adfbc89e08e1771923fc97bfa227ad0b8b9b6b3d39863593cc67ca179
SSDEEP

768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFp1Rr:bxNrC7kYo1Fxf3s05rwxbF79

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2260	pissa.exe

Loads dropped DLL 1 IoCs

pid	Process
2368	a3067d007b70614dccb5663d8febae43.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2260	2368	a3067d007b70614dccb5663d8febae43.exe	28
PID 2368 wrote to memory of 2260	2368	a3067d007b70614dccb5663d8febae43.exe	28
PID 2368 wrote to memory of 2260	2368	a3067d007b70614dccb5663d8febae43.exe	28
PID 2368 wrote to memory of 2260	2368	a3067d007b70614dccb5663d8febae43.exe	28

C:\Users\Admin\AppData\Local\Temp\a3067d007b70614dccb5663d8febae43.exe
"C:\Users\Admin\AppData\Local\Temp\a3067d007b70614dccb5663d8febae43.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\pissa.exe
  "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
  2⤵
  - Executes dropped EXE
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\pissa.exe

Filesize
43KB

MD5
3073de13c05cc17d50b7b72778ac9d00

SHA1
dbd5cdfd7804c7036d9255c5eb4f53913fdda9f8

SHA256
e4297168186e79ae7cd2dffaec834165b1d24a3206e8c1c00cec4e0fece004df

SHA512
de314c8a2c0ef33de54ab8bfb7e858e71866fe16cbe6e7c06be1127d26af717b35690b685f82fb1a7d9766ee7b0cca18ca3c6ad2ba0a5c17f72ad77fe253e742

Download Submit
memory/2260-15-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2260-22-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2368-0-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2368-1-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2368-7-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download