cae3028abe7e947d99bdf33f11266e61bf95898c3103505a5a5bedb2686ae3ac

Analysis

max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 02:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a44ad3c974f62d6007a83ffa361143b3.exe
Size

34KB
MD5

a44ad3c974f62d6007a83ffa361143b3
SHA1

1ae1cbb737f57fa5211d0c75c37218a83cf81707
SHA256

cae3028abe7e947d99bdf33f11266e61bf95898c3103505a5a5bedb2686ae3ac
SHA512

3aa0bded9ccee1a24a249f3070d3b562cfce3e292eeaefebb1d01cbcb05e603aac64b213bee285b3637cbcc4a3448215ab024e6f85ebc62dc9bf486db4036b1b
SSDEEP

768:fTz7y3lhsT+hs1SQtOOtEvwDpjfAu9+45X:fT+hsMQMOtEvwDpjoIH5X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2208	a44ad3c974f62d6007a83ffa361143b3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2544	2208	a44ad3c974f62d6007a83ffa361143b3.exe	28
PID 2208 wrote to memory of 2544	2208	a44ad3c974f62d6007a83ffa361143b3.exe	28
PID 2208 wrote to memory of 2544	2208	a44ad3c974f62d6007a83ffa361143b3.exe	28
PID 2208 wrote to memory of 2544	2208	a44ad3c974f62d6007a83ffa361143b3.exe	28

C:\Users\Admin\AppData\Local\Temp\a44ad3c974f62d6007a83ffa361143b3.exe
"C:\Users\Admin\AppData\Local\Temp\a44ad3c974f62d6007a83ffa361143b3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
34KB

MD5
c5e2e9deb87b9687d5e2d6ab90d4eb59

SHA1
4c20960413f393e35ca508b33e5194b450be5de6

SHA256
7840d1c37b2aaa7c4a923c88be502d7e58c455d149c106d531e7f4abb59d7bcc

SHA512
2ef01133f897e62715d282161ec45c070745320ebb27379d941a110d3a862e5b145f7738689e92ceab07d891cdfe559c06b951b7481e187402963788f1efa63c

Download Submit
memory/2208-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2208-1-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2208-2-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2544-15-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2544-17-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download