396c6fcfeec4ddd209cd77ad8f584de6faa905c12c6b1dff42d7c25c877be03f

Analysis

max time kernel
133s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19cc90d9c9205b2d568b41dec1bbf8a9.exe
Size

54KB
MD5

19cc90d9c9205b2d568b41dec1bbf8a9
SHA1

1f8e85298449f69c6db7cdae0bbe4a2530dd744e
SHA256

396c6fcfeec4ddd209cd77ad8f584de6faa905c12c6b1dff42d7c25c877be03f
SHA512

2417fc8a7be3966f920d8ca7bc74fd562aef1c9bdc522c0bb6335430a362a364bb6859e6b08ef910293f308a3e66f9dd054a5b2d4998f96505b37d31d5e3dfae
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vxmlcaTt:X6QFElP6n+gJBMOtEvwDpjBtExmlh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2136	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2196	19cc90d9c9205b2d568b41dec1bbf8a9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2136	2196	19cc90d9c9205b2d568b41dec1bbf8a9.exe	31
PID 2196 wrote to memory of 2136	2196	19cc90d9c9205b2d568b41dec1bbf8a9.exe	31
PID 2196 wrote to memory of 2136	2196	19cc90d9c9205b2d568b41dec1bbf8a9.exe	31
PID 2196 wrote to memory of 2136	2196	19cc90d9c9205b2d568b41dec1bbf8a9.exe	31

C:\Users\Admin\AppData\Local\Temp\19cc90d9c9205b2d568b41dec1bbf8a9.exe
"C:\Users\Admin\AppData\Local\Temp\19cc90d9c9205b2d568b41dec1bbf8a9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
54KB

MD5
ca90397ae99810c0ede3431fefce4dd0

SHA1
54b81e00cfbd3b2d200dd3f38c2dfc6df1ffab5f

SHA256
fa23b9870b86739009b3bdfd973f6c527d48420a519e7726f7eef4e99c0c2270

SHA512
54f87068cea370f4c338974bed438e26c80435def98d6a6b01fa1deefe22053b4086b3ce8f8f5592568d1d80a687c5112ffc9f90670b975855bc85634468c202

Download Submit
memory/2136-15-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2136-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2196-8-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2196-1-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2196-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download