373c40893c28cf2f1cfed7d2e452f76c3a5bf03dad84176a01d05d7283fd7531

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd425500d5952d7cbb2b83c4f0edd934.exe
Size

57KB
MD5

fd425500d5952d7cbb2b83c4f0edd934
SHA1

774f8203b3ddfbee5b1e4c57836bf945b37094ef
SHA256

373c40893c28cf2f1cfed7d2e452f76c3a5bf03dad84176a01d05d7283fd7531
SHA512

b83476f7f6303405c1f66d712e939be0feac9e873eda8019732f5f8e86c5b1eeb59e7a8e1b0676d25a1aefb0397a099212df67c9b13420f28aef7d36cbd293e6
SSDEEP

768:z6LsoEEeegiZPvEhHSG+gzum/kLyMro2GtOOtEvwDpj/YMLam5ax8iHd:z6QFElP6n+gKmddpMOtEvwDpj9aYa9d

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2552	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2320	fd425500d5952d7cbb2b83c4f0edd934.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-11.dat	upx
behavioral1/memory/2320-15-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2552-17-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2552-27-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2552	2320	fd425500d5952d7cbb2b83c4f0edd934.exe	28
PID 2320 wrote to memory of 2552	2320	fd425500d5952d7cbb2b83c4f0edd934.exe	28
PID 2320 wrote to memory of 2552	2320	fd425500d5952d7cbb2b83c4f0edd934.exe	28
PID 2320 wrote to memory of 2552	2320	fd425500d5952d7cbb2b83c4f0edd934.exe	28

C:\Users\Admin\AppData\Local\Temp\fd425500d5952d7cbb2b83c4f0edd934.exe
"C:\Users\Admin\AppData\Local\Temp\fd425500d5952d7cbb2b83c4f0edd934.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
57KB

MD5
55545421151a16a9b96e4f3342b20a89

SHA1
16d14d3df91d7bd8daf7d5db7bc3f3a5f78ea777

SHA256
b3648a80e6944f238e305d580273de82ad85b04f1a0903faf338cab99d678a70

SHA512
2ed00414054c0e1edcb45931c2043198a687e9fc475becbb7ed28c6c5df401fdaf5823234db0afb84f353e4d93e33a87345c17e49c00946edd9fb94444630e41

Download Submit
memory/2320-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2320-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2320-2-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2320-8-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2320-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2320-16-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

Filesize
64KB

Download
memory/2320-26-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

Filesize
64KB

Download
memory/2552-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2552-19-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2552-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download