a314668429f1faf373d826963f6683e71060e2edb6b8b97745ed0173405d52e1

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f46b800363c95656da31af7e51ecee.exe
Size

45KB
MD5

45f46b800363c95656da31af7e51ecee
SHA1

b2048ce54b95973228a07c876fc7fca329806e4c
SHA256

a314668429f1faf373d826963f6683e71060e2edb6b8b97745ed0173405d52e1
SHA512

d677ca2e5b0468c9859038fd95542a0820aee0ad76bb5d16ff862cfa0ba787dad7a729c393cceb4da4c923d1d0c2ead945ed4f08035f4def5a8c254f8023affa
SSDEEP

384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jb0nrlwfjDUk3G:bm74zYcgT/EkM0ryfjd3G

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2916	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
1932	45f46b800363c95656da31af7e51ecee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2916	1932	45f46b800363c95656da31af7e51ecee.exe	28
PID 1932 wrote to memory of 2916	1932	45f46b800363c95656da31af7e51ecee.exe	28
PID 1932 wrote to memory of 2916	1932	45f46b800363c95656da31af7e51ecee.exe	28
PID 1932 wrote to memory of 2916	1932	45f46b800363c95656da31af7e51ecee.exe	28

C:\Users\Admin\AppData\Local\Temp\45f46b800363c95656da31af7e51ecee.exe
"C:\Users\Admin\AppData\Local\Temp\45f46b800363c95656da31af7e51ecee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
46KB

MD5
0ba3aac63c7346f1e12537dbdf9a319c

SHA1
42c878d3afebcbc1d27966e06922a186a0c1028d

SHA256
0700381aea8de76cc85f2bda3c011d3b9be435790d47f96c92aa47946eb7e4ef

SHA512
d69ae78e252e0e653a95d803b00f86c63cfa0130383f56f0b72afe2164c850d2418aee9372538a67d261e9b5c6b1c0632ed97ded7c44b99a5bb92eb748080bf9

Download Submit
memory/1932-0-0x0000000008000000-0x000000000800D000-memory.dmp

Filesize
52KB

Download
memory/1932-9-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1932-2-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/1932-1-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1932-15-0x0000000008000000-0x000000000800D000-memory.dmp

Filesize
52KB

Download
memory/2916-25-0x0000000001CA0000-0x0000000001CA6000-memory.dmp

Filesize
24KB

Download
memory/2916-18-0x0000000001CB0000-0x0000000001CB6000-memory.dmp

Filesize
24KB

Download
memory/2916-16-0x0000000008000000-0x000000000800D000-memory.dmp

Filesize
52KB

Download
memory/2916-26-0x0000000008000000-0x000000000800D000-memory.dmp

Filesize
52KB

Download