854fb7493874cefc7ce7ca7cb1b044550e9985cb8891f7cc0a3c6fe6111d3758

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2369d39d59ac4e0a50f3b9cec67f358.exe
Size

76KB
MD5

b2369d39d59ac4e0a50f3b9cec67f358
SHA1

0328cdb4ca6e34cfed5b63cfe28df94b89f5c3c0
SHA256

854fb7493874cefc7ce7ca7cb1b044550e9985cb8891f7cc0a3c6fe6111d3758
SHA512

6cadda0d915202433163a24da8e59d887e8fdcc2976ae5dc3e48ac784674c5060cd19ef12cb8b0fe95ba43f73279f5d1409df2222fdd8374c5215f0d173b7cf4
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3KujdZ:ZVxkGOtEvwDpjcaz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
632	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2256	b2369d39d59ac4e0a50f3b9cec67f358.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 632	2256	b2369d39d59ac4e0a50f3b9cec67f358.exe	28
PID 2256 wrote to memory of 632	2256	b2369d39d59ac4e0a50f3b9cec67f358.exe	28
PID 2256 wrote to memory of 632	2256	b2369d39d59ac4e0a50f3b9cec67f358.exe	28
PID 2256 wrote to memory of 632	2256	b2369d39d59ac4e0a50f3b9cec67f358.exe	28

C:\Users\Admin\AppData\Local\Temp\b2369d39d59ac4e0a50f3b9cec67f358.exe
"C:\Users\Admin\AppData\Local\Temp\b2369d39d59ac4e0a50f3b9cec67f358.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
76KB

MD5
7d192236b46b5409ad5210e0c6995210

SHA1
0b45f0b67cf423e749d7485feb53d4e54b84a2e3

SHA256
7813b44556fecc5c40a9c73b7c202912632516dd8fd5a24920b0a39c5467c395

SHA512
274f1414af2b282b54666501beed73ffb54db4269d4cc4dd510377351dc3181ef842a05a241560f3239114a8216c3d300a3bebe733fc5d25587c42ba68b598cd

Download Submit
memory/632-15-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/632-17-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/632-19-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2256-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2256-1-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2256-5-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2256-2-0x0000000000230000-0x00000000002B0000-memory.dmp

Filesize
512KB

Download