f03544c2e1b46862a0fa6c4aee19a06fcad75715527f1567e5c79b550372e3a2

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 03:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e204b0ff948f593e2d38b3f9e4ae2b58.exe
Size

64KB
MD5

e204b0ff948f593e2d38b3f9e4ae2b58
SHA1

cdf1b08bad7f5185ce8d446eae7ae67d884f4120
SHA256

f03544c2e1b46862a0fa6c4aee19a06fcad75715527f1567e5c79b550372e3a2
SHA512

f4da5e4f05a384b35e26b346c032764b256a46f7f33187166b897a4620fb017a0ddac96f2ac7ac9edb847d926dc8488465e6316fa7e758c07ee179ec22aa2a4e
SSDEEP

1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61vSbgtsi+:BbdDmjr+OtEvwDpjM8L

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2560	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1632	e204b0ff948f593e2d38b3f9e4ae2b58.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2560	1632	e204b0ff948f593e2d38b3f9e4ae2b58.exe	28
PID 1632 wrote to memory of 2560	1632	e204b0ff948f593e2d38b3f9e4ae2b58.exe	28
PID 1632 wrote to memory of 2560	1632	e204b0ff948f593e2d38b3f9e4ae2b58.exe	28
PID 1632 wrote to memory of 2560	1632	e204b0ff948f593e2d38b3f9e4ae2b58.exe	28

C:\Users\Admin\AppData\Local\Temp\e204b0ff948f593e2d38b3f9e4ae2b58.exe
"C:\Users\Admin\AppData\Local\Temp\e204b0ff948f593e2d38b3f9e4ae2b58.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
f897b75ca74e7cf68289f08cd916ba5a

SHA1
edf544a1a4934ffe4de24b69b96ae3009f8e66ba

SHA256
a06178415d70f6e41a21a9761ea2337aa9cf03eaab0d706960f6dcca49fc5eb3

SHA512
79c9cdb8cfc4bd9e46b09dad9cdf1fbbd576488a159a3a42b9729f2710a35c5748455807eed761d8f46eccc9337ede7e8777d015172832a0c4c54bec28073d97

Download Submit
memory/1632-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1632-1-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/1632-2-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/1632-9-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/1632-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2560-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2560-19-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2560-26-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2560-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download