2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe
Size

48KB
MD5

635b740b8aeedd28d465aa0b2cf2caa5
SHA1

34d8b88b694714ebb5ea062bb752688ccbf2c98a
SHA256

2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f
SHA512

7f7d0e47d4dc480866bbf276c3b8684de0e1e5c971434aea8172329c6b1d2ea71e4e2eed8827e48002916ab11ea95127a845a33b0860551a9cb16a48b617fe26
SSDEEP

384:icX+ni9VCr5nQI021q4VQBqURYp055TOtOOtEvwDpjqIGR/hHi7/OlI0G/BdmRST:XS5nQJ24LR1bytOOtEvwDpjNbP/bm2tj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1644	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1684	2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1644	1684	2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe	28
PID 1684 wrote to memory of 1644	1684	2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe	28
PID 1684 wrote to memory of 1644	1684	2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe	28
PID 1684 wrote to memory of 1644	1684	2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe	28

C:\Users\Admin\AppData\Local\Temp\2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe
"C:\Users\Admin\AppData\Local\Temp\2c67bcec8acbff1cafe60624c8a0b20be4a3300f25e90ba25a6e8c1e6cb6020f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
49KB

MD5
e60d8250f730e0048dfa5bdeb0c365a2

SHA1
da2d3305cba74dec8bebf410599268ccb2ddb2ba

SHA256
f0bf9233bad2f6c2d5154171ce41201b0e871071d21324a6aaa9fa8ed8acae14

SHA512
83c07c5f779002370807d4a8c48c8e1d108dc36184a6cbb42736df6f16b9eb615f084ca30ac15f2b3df675dbfc058688591100a9abb090d31c4e92237d56af0b

Download Submit
memory/1644-19-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1644-27-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1644-26-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/1684-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1684-1-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/1684-9-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/1684-2-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1684-13-0x0000000000480000-0x000000000048F000-memory.dmp

Filesize
60KB

Download
memory/1684-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download