7d42fd872c9ac7f5681c1181c7f46296dfd65856a34adf85b36f4ba3a3851e58

Analysis

max time kernel
135s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90220ecffcb33c5a4cdeec36a0cd2cee.exe
Size

74KB
MD5

90220ecffcb33c5a4cdeec36a0cd2cee
SHA1

c76426fb79ba6028993783985cdf527ac8c488d4
SHA256

7d42fd872c9ac7f5681c1181c7f46296dfd65856a34adf85b36f4ba3a3851e58
SHA512

df7197dcdd6b368511db491cf12cb67751bcc309a266bf31401aaf94464441a3b28417bd8830a7527c84c0377a96d50e294d496ce2f93d020e2514105c1f1312
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRXrZSUP2:xj+VGMOtEvwDpjubwQEI8UP2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2976	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1692	90220ecffcb33c5a4cdeec36a0cd2cee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2976	1692	90220ecffcb33c5a4cdeec36a0cd2cee.exe	28
PID 1692 wrote to memory of 2976	1692	90220ecffcb33c5a4cdeec36a0cd2cee.exe	28
PID 1692 wrote to memory of 2976	1692	90220ecffcb33c5a4cdeec36a0cd2cee.exe	28
PID 1692 wrote to memory of 2976	1692	90220ecffcb33c5a4cdeec36a0cd2cee.exe	28

C:\Users\Admin\AppData\Local\Temp\90220ecffcb33c5a4cdeec36a0cd2cee.exe
"C:\Users\Admin\AppData\Local\Temp\90220ecffcb33c5a4cdeec36a0cd2cee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
46336388c4ed4aaaf6f64dd2d80010ec

SHA1
c4d2a0480bd6178f3b7743fb461cacc83c911787

SHA256
3e4cb04b59cba2ebe0ccab88b18bbaa6b35fb67cbf4844cbc0541afaf7d3252c

SHA512
c86425dd0bf270626040dae9ff74656be73a288322fdff524f55590e9f957848afa320a01be5a644f940d4a1b8188536054937c491d18d747c814881968a2ce3

Download Submit
memory/1692-1-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1692-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1692-2-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/1692-3-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1692-14-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2976-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2976-18-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2976-25-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download