cec3775f7f23bd928bc9ecbdabe164c1dce021ed884e17763da10da21418fbf3

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

327b653086abce1916842fa455f7ea60.exe
Size

43KB
MD5

327b653086abce1916842fa455f7ea60
SHA1

aa4a1e996ac8c0085f980bd0df7ffcb58ed9edc6
SHA256

cec3775f7f23bd928bc9ecbdabe164c1dce021ed884e17763da10da21418fbf3
SHA512

8f8949784a98a22112ba2ab4e461579122364402f520e0065d0d0c64b26db06ad0e4509f36d79cfb07605c42fbcfbb9f4c8877379f985a1ad121ae7afa4c93af
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvhx5/xFRp5jd:m5nkFNMOtEvwDpjG8hhXj5R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2560	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3036	327b653086abce1916842fa455f7ea60.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2560	3036	327b653086abce1916842fa455f7ea60.exe	28
PID 3036 wrote to memory of 2560	3036	327b653086abce1916842fa455f7ea60.exe	28
PID 3036 wrote to memory of 2560	3036	327b653086abce1916842fa455f7ea60.exe	28
PID 3036 wrote to memory of 2560	3036	327b653086abce1916842fa455f7ea60.exe	28

C:\Users\Admin\AppData\Local\Temp\327b653086abce1916842fa455f7ea60.exe
"C:\Users\Admin\AppData\Local\Temp\327b653086abce1916842fa455f7ea60.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
43KB

MD5
194f8c8847f8feea04a26950afb70909

SHA1
d0fc0b0f65fa417e6d4626050d6262780bfab84d

SHA256
06ec8deb1570a14f69c80bf03b031f80488c6c45f0ab76a70da9acc93554b373

SHA512
90ea9bceca9797a94bb24dbbba720c5cb3712b16bcdcc998f10d5283652a141fba44909467bed67df1267c1b9bde7a66f6ffc91d264f526cc49409b860b231e8

Download Submit
memory/2560-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2560-19-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2560-26-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/3036-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/3036-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3036-2-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/3036-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3036-16-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download