a283fedaa4412c95a25878f88302ae502d0e075dd9e93c19bd81cae26fafa0ba

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 02:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

949edbb0280fee8f741af70797a5860e.exe
Size

47KB
MD5

949edbb0280fee8f741af70797a5860e
SHA1

ce17e5ab5200e2e867c038636fee047950a0c27c
SHA256

a283fedaa4412c95a25878f88302ae502d0e075dd9e93c19bd81cae26fafa0ba
SHA512

c8c5a493daa3f4ade3f2195acd6d4fb92e04e214c95917895a70a31bb02002beade388186ba4ec0b459a69de1dcb23eeed7a9ba7df51fcd0ac386bce49cdf18d
SSDEEP

768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05W2MoLZ:qmbhXDmjr5MOtEvwDpj5cDtKkQZQD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1400	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2408	949edbb0280fee8f741af70797a5860e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1400	2408	949edbb0280fee8f741af70797a5860e.exe	28
PID 2408 wrote to memory of 1400	2408	949edbb0280fee8f741af70797a5860e.exe	28
PID 2408 wrote to memory of 1400	2408	949edbb0280fee8f741af70797a5860e.exe	28
PID 2408 wrote to memory of 1400	2408	949edbb0280fee8f741af70797a5860e.exe	28

C:\Users\Admin\AppData\Local\Temp\949edbb0280fee8f741af70797a5860e.exe
"C:\Users\Admin\AppData\Local\Temp\949edbb0280fee8f741af70797a5860e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
47KB

MD5
27e5e7c1636fb2f76aeb60e416e191f3

SHA1
b428f7e4d2c4c4dcdf595747abe7eaf1ff57a668

SHA256
55af9099297eff54fdcc9e6efd5f9d2d78d3f76f7d24dff213552d506994fcbd

SHA512
1db7ce086f37813c6c3c04442eefb159783c3a0121c5e434cb3f64bd7de6c8aa967df1b41b187b8da19ad733657f61b3abff13542f2bbbb81d7e74b4d3b476f9

Download Submit
memory/1400-25-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1400-18-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/1400-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2408-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2408-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2408-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

Filesize
24KB

Download
memory/2408-9-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2408-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download