d789b5ed6428416a11f10bd11779b526186f5df0042ad0f4b25290371997e42e

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 02:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3d8b90fcc1372e162a86caa5f0be5228.exe
Size

63KB
MD5

3d8b90fcc1372e162a86caa5f0be5228
SHA1

ad181646ac54b7b136476a4157d2b7f9a77da82b
SHA256

d789b5ed6428416a11f10bd11779b526186f5df0042ad0f4b25290371997e42e
SHA512

d7cf79c56ae68cb7a2507c562ea528b5b66ed16245ddb6794bd745978ee1af72874e1203a4bc791ebcf3cf83f99df1cf4dd2b57f00d593d6f5d011f86036f896
SSDEEP

768:3Uz7yVEhs9+Hs1SQtOOtEvwDpjO9+4hdCY8EQMjpi/Wpi3B3URiLqCyLuAx8XG9B:3P+HsMQMOtEvwDpjoHy7B3g9CWuAxWQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2828	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3000	3d8b90fcc1372e162a86caa5f0be5228.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2828	3000	3d8b90fcc1372e162a86caa5f0be5228.exe	28
PID 3000 wrote to memory of 2828	3000	3d8b90fcc1372e162a86caa5f0be5228.exe	28
PID 3000 wrote to memory of 2828	3000	3d8b90fcc1372e162a86caa5f0be5228.exe	28
PID 3000 wrote to memory of 2828	3000	3d8b90fcc1372e162a86caa5f0be5228.exe	28

C:\Users\Admin\AppData\Local\Temp\3d8b90fcc1372e162a86caa5f0be5228.exe
"C:\Users\Admin\AppData\Local\Temp\3d8b90fcc1372e162a86caa5f0be5228.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
faf5b872529b89b1ba56a415332a8c46

SHA1
524d01ffb0df114f1bb0d6093d9a27863a6e1357

SHA256
9cff4568991c3b068b38898e91d00c258d9c673723dfdbc865743a00ec48167c

SHA512
f6b823b294aa36fb6a5d8fce7ed8f9fb7e6fc52edf58668ae1b724c22efdae99bd4c4cfd80152dd14f9c2947ce7a97309643a1d06de7baa44d0eb99a22210612

Download Submit
memory/2828-16-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2828-18-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/2828-25-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2828-26-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/3000-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/3000-2-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/3000-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/3000-9-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/3000-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download