d46a0db52b04c9e3dc32bc3c7c4013a7312623a15693b710819cd3821de9afae

Analysis

max time kernel
132s
max time network
139s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 02:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a8833b299aea9587c9dc20d768623ae.exe
Size

62KB
MD5

4a8833b299aea9587c9dc20d768623ae
SHA1

cd641e9441cfb445c733cbbd160178cae44faaff
SHA256

d46a0db52b04c9e3dc32bc3c7c4013a7312623a15693b710819cd3821de9afae
SHA512

4b4d41439e245c98e8e6ee382e9c5b39998b874d38209ce0b8933be3ed8a8745ac8968e1fbe98a035b525f2ac1914f13db956ec4c4b4add0c3d2162783bd754e
SSDEEP

1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMpa:TCjsIOtEvwDpj5HE/OUHnSMn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	4a8833b299aea9587c9dc20d768623ae.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2520	2040	4a8833b299aea9587c9dc20d768623ae.exe	28
PID 2040 wrote to memory of 2520	2040	4a8833b299aea9587c9dc20d768623ae.exe	28
PID 2040 wrote to memory of 2520	2040	4a8833b299aea9587c9dc20d768623ae.exe	28
PID 2040 wrote to memory of 2520	2040	4a8833b299aea9587c9dc20d768623ae.exe	28

C:\Users\Admin\AppData\Local\Temp\4a8833b299aea9587c9dc20d768623ae.exe
"C:\Users\Admin\AppData\Local\Temp\4a8833b299aea9587c9dc20d768623ae.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
3fd146ac0b3779f04057f8e6e98a569b

SHA1
2fe2ea19c8456ec13c0ad5e3a9eead8e001281bb

SHA256
3b9879a35b9c7bedad7fdcf071c63ec4a1aebcff7d723267e8444cedaa86119a

SHA512
c7ed6211345f7d199825edc933e5999e15c96af28807edfcf2771d2e49e43662dd010064dc9b1d10a7ee4d4199565b646f052903941632cf7204c0af282add8b

Download Submit
memory/2040-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2040-1-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2040-2-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2040-3-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2040-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2520-16-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2520-19-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2520-18-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2520-26-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download