Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 11/06/2024, 01:21
Behavioral task: behavioral1
- Sample: 09d282e0b2e46e0dfeb7019a4989002c.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 09d282e0b2e46e0dfeb7019a4989002c.exe
- Resource: win10v2004-20240426-en
General
- Target: 09d282e0b2e46e0dfeb7019a4989002c.exe
- Size: 95KB
- MD5: 09d282e0b2e46e0dfeb7019a4989002c
- SHA1: 317e81098aae16deef90830ab2dcdb9cd26c14fe
- SHA256: 3dde86b06ceeaac95a296430c00e6ca57c8d86dd10b3a3e6cca7175e2d39c379
- SHA512: 33e1ffb2f3aad91428631eb9a6c90125ae6fef8d2dae50c3248f1409e1161c9748f0d99ab7e8d7eae914c10bff5c13a3d19048be910cda6fae1c9709e0f3e94e
- SSDEEP: 1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRDjgx/kOL:zCsanOtEvwDpjBl
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2632, process misid.exe
- Loads dropped DLL (1 IoCs)
  pid 1640, process 09d282e0b2e46e0dfeb7019a4989002c.exe
- yara_rule upx (5 resource matches)
  behavioral1/memory/1640-0-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/files/0x000c0000000122eb-11.dat
  behavioral1/memory/1640-13-0x0000000002BC0000-0x0000000002BD0000-memory.dmp
  behavioral1/memory/1640-16-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/memory/2632-26-0x0000000000500000-0x0000000000510000-memory.dmp
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1640 wrote to memory of 2632 | 1640 | 09d282e0b2e46e0dfeb7019a4989002c.exe | 28
  PID 1640 wrote to memory of 2632 | 1640 | 09d282e0b2e46e0dfeb7019a4989002c.exe | 28
  PID 1640 wrote to memory of 2632 | 1640 | 09d282e0b2e46e0dfeb7019a4989002c.exe | 28
  PID 1640 wrote to memory of 2632 | 1640 | 09d282e0b2e46e0dfeb7019a4989002c.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\09d282e0b2e46e0dfeb7019a4989002c.exe (PID 1640)
   command line: "C:\Users\Admin\AppData\Local\Temp\09d282e0b2e46e0dfeb7019a4989002c.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe (PID 2632), child of PID 1640
      command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 96KB
  MD5: a2518f67ab14bfc5ef1562853627584d
  SHA1: bfb3ce78e1eac308de278c8a0d0bc2126986393e
  SHA256: b4fe9c0455c0ee8199d307a1bc8d88b71b40f2a78049994c19b81521abaf24e2
  SHA512: 36d5b3726ab7cc0f14fa20127e65c7390d2ed4454e7df29e81ac049ec1e272969058ddffe7c01aefa1e7195dad947b714b5ef7ec9936190294897d422303d495