e8b8aa0974e56798289798fc20443d182ed911b47bfcd888439c514d7367517a

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b995ac9854a8c3a8c7a152d9f7714b08.exe
Size

80KB
MD5

b995ac9854a8c3a8c7a152d9f7714b08
SHA1

0fafb9d75bebbdfc06d0f64a3ff2b218f489354e
SHA256

e8b8aa0974e56798289798fc20443d182ed911b47bfcd888439c514d7367517a
SHA512

68438d5212f28998e60c749259e2bda54fbdbd3dffcac7063fc7a8c71b6fd2911ff5293cffc0d8fd19f320a3149375308b2a48eac25f0d2b8497f432b5c5fc79
SSDEEP

1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMMrT:TCjsIOtEvwDpj5HE/OUHnSM5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1092	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2320	b995ac9854a8c3a8c7a152d9f7714b08.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1092	2320	b995ac9854a8c3a8c7a152d9f7714b08.exe	28
PID 2320 wrote to memory of 1092	2320	b995ac9854a8c3a8c7a152d9f7714b08.exe	28
PID 2320 wrote to memory of 1092	2320	b995ac9854a8c3a8c7a152d9f7714b08.exe	28
PID 2320 wrote to memory of 1092	2320	b995ac9854a8c3a8c7a152d9f7714b08.exe	28

C:\Users\Admin\AppData\Local\Temp\b995ac9854a8c3a8c7a152d9f7714b08.exe
"C:\Users\Admin\AppData\Local\Temp\b995ac9854a8c3a8c7a152d9f7714b08.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
80KB

MD5
fc1b4bf098874cb2fc4e031464fdced5

SHA1
3cdcf67a15d2cb5df9f26639f14b4d93e6fc7b1e

SHA256
8ce2fa3532ee74cec81cb4f8dc85451f60dc6b29f27252d6d6e0da9e823c6860

SHA512
2e1fbe3b1c85e56bae4c70b794c1149b70d7b7e7202bdbcc706dfe8a1eb71a61247352f8e6062aa96f6b5f87199be5d290959e59a3f2ef57af1a5646a0ddc4a1

Download Submit
memory/1092-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/1092-19-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/1092-26-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2320-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2320-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2320-3-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2320-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2320-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2320-16-0x0000000002800000-0x000000000280E000-memory.dmp

Filesize
56KB

Download