7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:24

Target

7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe
Size

5KB
MD5

1ed8fa4e65470cc0197adf9d71e4c30d
SHA1

04d45fe677498ba564ca1aad5d86ca9dd28b5903
SHA256

7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077
SHA512

eab01f2c459c03b70f66b14dd06d7ca301bd5db9db95919b1caa5abcf1ad7dad99579d10c3a27dbb53f9c72075021e4e0798569aff66f2acd0fe628e19750324
SSDEEP

48:qvECf6Am8RB/G9X3/dANnZ1rsHB/VnC/RAxUl2CS70ALNx:nCTxLM1ANnZuHnnwR2Ul2ClAhx

Score

7^/10

Deletes itself 1 IoCs

Processes:

lasma.exe

pid process

2352 lasma.exe
Executes dropped EXE 1 IoCs

Processes:

lasma.exe

pid process

2352 lasma.exe

pid	process
2352	lasma.exe

pid	process
2352	lasma.exe

Loads dropped DLL 2 IoCs

Processes:

7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe

pid	process
2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe
2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe

description	pid	process	target process
PID 2184 wrote to memory of 2352	2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe	lasma.exe
PID 2184 wrote to memory of 2352	2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe	lasma.exe
PID 2184 wrote to memory of 2352	2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe	lasma.exe
PID 2184 wrote to memory of 2352	2184	7930ed12d87883ddac38d87b485964b106a8b85d939d47b72a8b9f723d86a077.exe	lasma.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\lasma.exe

Filesize
5KB

MD5
5caac2c506085e000b26be4c4d44a316

SHA1
1e2d3df227d4ef144e98d4c4f935611a44bac9cd

SHA256
f69e7249d9a7f8f61ebd0181b85e85a9af29152d0a407577f1b17d6a634cfc46

SHA512
0b0e5cc8b851de43a446a97aecbdb3995ebe138d66d4057a8fac019565132729f48b8ecf601ffb34083bcd889c257114718ed3b7fc9c95907ab94855b59bca34

Download Submit