Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 11/06/2024, 01:21
Behavioral task: behavioral1
- Sample: 09c216a38af773a905fb2cf0fb48cab2.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 09c216a38af773a905fb2cf0fb48cab2.exe
- Resource: win10v2004-20240226-en
General
- Target: 09c216a38af773a905fb2cf0fb48cab2.exe
- Size: 64KB
- MD5: 09c216a38af773a905fb2cf0fb48cab2
- SHA1: 3839cb62386adf48594a6cf44523d1464770e585
- SHA256: 619cf17b71f9e07abc0a7304e2e9895e94a8892a85e2b8268c83086397fbc550
- SHA512: 43b60d9ddecbfed2cfd3ae95f822f4efc28d3d83c004de39c014136e96994746d0147a432d84bd5d822588f5f54f4a0895a8fd60bc5738e39aae9b1400cabe99
- SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjYMWQfL:1nK6a+qdOOtEvwDpjt
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 1308: asih.exe
- Loads dropped DLL (1 IoC)
  PID 2324: 09c216a38af773a905fb2cf0fb48cab2.exe
  YARA rule "upx" matched on:
    behavioral1/memory/2324-8-0x0000000000500000-0x000000000050F311-memory.dmp
    behavioral1/files/0x000d000000012262-11.dat
    behavioral1/memory/1308-15-0x0000000000500000-0x000000000050F311-memory.dmp
    behavioral1/memory/1308-25-0x0000000000500000-0x000000000050F311-memory.dmp
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2324 wrote to memory of 1308 | 2324 | 09c216a38af773a905fb2cf0fb48cab2.exe | 28
  PID 2324 wrote to memory of 1308 | 2324 | 09c216a38af773a905fb2cf0fb48cab2.exe | 28
  PID 2324 wrote to memory of 1308 | 2324 | 09c216a38af773a905fb2cf0fb48cab2.exe | 28
  PID 2324 wrote to memory of 1308 | 2324 | 09c216a38af773a905fb2cf0fb48cab2.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\09c216a38af773a905fb2cf0fb48cab2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\09c216a38af773a905fb2cf0fb48cab2.exe"
  PID: 2324
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 2324)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 1308
    Signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: c5533992e5542872f76748d610d871fc
  SHA1: 6d4f5d757a26e38b202ccebc6dbbe8d8006d8bf5
  SHA256: ca31f4cbfcd3789555ef87e391e6442a1825338cd2e55acd2438a35335f1a5f5
  SHA512: e6b4577fe039d038d41f5c7e5ee6b89eceb553b08401e880cbec2ea149b7c7473bd81df4a6ee5f590ff9b0e3a3696fcf9ba1784d14e6becb144919d4fb7884bc