d5ee530c817fc8993f9bcd8aaaebdd3dedecd24bebeebe67ff2e32d0f3415443

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3589623bf0b27134407e3b2df7c13fe0N.exe
Size

391KB
MD5

3589623bf0b27134407e3b2df7c13fe0
SHA1

aea247d0a4d7d3f3989b6ee6201d5dffad8e524c
SHA256

d5ee530c817fc8993f9bcd8aaaebdd3dedecd24bebeebe67ff2e32d0f3415443
SHA512

50a64df5a312aca2d085fb3e1ef237e705aa7e141ba6ae0191fa20fc3e5157c4fbbfdf28969adf5895dbcb8663185751ca2ebc108c9d14810dfb3b04f393e9be
SSDEEP

6144:nnOsaQgAOjvrZFODJjBz3j1jTqQy6v2GGnugOtihzXRa:nnOflT/ZFIjBz3xjTxynGUOUhXRa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3052	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
3056	3589623bf0b27134407e3b2df7c13fe0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3052	3056	3589623bf0b27134407e3b2df7c13fe0N.exe	31
PID 3056 wrote to memory of 3052	3056	3589623bf0b27134407e3b2df7c13fe0N.exe	31
PID 3056 wrote to memory of 3052	3056	3589623bf0b27134407e3b2df7c13fe0N.exe	31
PID 3056 wrote to memory of 3052	3056	3589623bf0b27134407e3b2df7c13fe0N.exe	31

C:\Users\Admin\AppData\Local\Temp\3589623bf0b27134407e3b2df7c13fe0N.exe
"C:\Users\Admin\AppData\Local\Temp\3589623bf0b27134407e3b2df7c13fe0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
391KB

MD5
66acb8fc76c7047d55f48b4c7e75e78b

SHA1
52a097bfcc2c1593fa65b88070529f921d78328c

SHA256
f2177c13c4ad87272ae5bc0eb14d3f6cf8ba9d2f9d521c53f2c7f481c1aa5b1c

SHA512
337d869680b7e64e20a87526416a5e9103ee754ebb3984b6e105f064206bade453f0e965d769b035a906fa82ec4d14f1a8886845b461de29790a0c65c3958888

Download Submit
memory/3052-22-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/3052-15-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download
memory/3056-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/3056-1-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/3056-8-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download