Overview

overview

10

Static

static

10

1cfb49a006...db.exe

windows7-x64

9

1cfb49a006...db.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db.exe

  • Size

    16KB

  • MD5

    ebd61de83b6f2ee599dd185b1d8878ba

  • SHA1

    dbc9bf259dd6c19dd89612ba58d8d4fcb35760cd

  • SHA256

    1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db

  • SHA512

    81ea2eb63b9a6f6c3f5030ada9d9c4b585487f07e052c8884205b0e6fe12d0afece07ab05551c379440ea2667ff8d240f61b47547f5502de8c813b8fd96892f4

  • SSDEEP

    192:UXtT73NdbzQQzMQtN1P4SxQlYpW2uCIb2DA14hd3EwrcCenNSOnwOmOzO6i4163i:yx/aIwSkYpJXzQNSOwOmOzO6i4163i

Score
9/10

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db.exe
    "C:\Users\Admin\AppData\Local\Temp\1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Local\Temp\lasis.exe
      "C:\Users\Admin\AppData\Local\Temp\lasis.exe"
      2⤵
      • Executes dropped EXE
      PID:1304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\lasis.exe
    Filesize

    17KB

    MD5

    a7db4bb63097ae604004688e7f727066

    SHA1

    9bd197f49b88c5b6d3bf91e2231915b0b585a584

    SHA256

    815d7e2dbf87afe7ab71eeaf0796ddbb2feafaa9042fc2ead960439bc929bbc7

    SHA512

    74ce8ade74c491624a85d92cc133c0d3c7c302d59f470de4b6233386a64b32581bf4b3c68050c694ea317d97ee594e5aaf03d6182a7a5da14260a59744dbea2c

    Download Submit

  • memory/1304-13-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1304-15-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2312-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2312-2-0x0000000000402000-0x0000000000403000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-12-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download