4db18774386154b4daa8e9be589e8f913ca77df5d0c36ecab89ced0577fb9ed4

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

321ae8f6c4de80a80e8787c75872e830N.exe
Size

75KB
MD5

321ae8f6c4de80a80e8787c75872e830
SHA1

b056deb7224320c0640678c747eb709e7b8f108a
SHA256

4db18774386154b4daa8e9be589e8f913ca77df5d0c36ecab89ced0577fb9ed4
SHA512

083967a4efe53781adb3f14e97def972235c2ebf8ae6809d620f6eedac55268fa2172d488bfd660954694a0690678a481d7cfdf282e824a3128fe964a65c615f
SSDEEP

768:DLR7ix70zQozpW7YYCqgio1ph3Oqyqwu3YME5pfwCIQ0tZcMBOiXcuCZ:DLR7ix70zDzpW7YYiio1pzyiTv14ivCZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2252	lasis.exe

Loads dropped DLL 2 IoCs

pid	Process
2520	321ae8f6c4de80a80e8787c75872e830N.exe
2520	321ae8f6c4de80a80e8787c75872e830N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2252	2520	321ae8f6c4de80a80e8787c75872e830N.exe	30
PID 2520 wrote to memory of 2252	2520	321ae8f6c4de80a80e8787c75872e830N.exe	30
PID 2520 wrote to memory of 2252	2520	321ae8f6c4de80a80e8787c75872e830N.exe	30
PID 2520 wrote to memory of 2252	2520	321ae8f6c4de80a80e8787c75872e830N.exe	30

C:\Users\Admin\AppData\Local\Temp\321ae8f6c4de80a80e8787c75872e830N.exe
"C:\Users\Admin\AppData\Local\Temp\321ae8f6c4de80a80e8787c75872e830N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\lasis.exe
  "C:\Users\Admin\AppData\Local\Temp\lasis.exe"
  2⤵
  - Executes dropped EXE
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lasis.exe

Filesize
75KB

MD5
75e2616cdf33508ae3b74a81669a48db

SHA1
46099aeac1be6f490484af649a2a70b6b7132d8d

SHA256
2a1c0fe667b4e084686ecca518d6e69d9f95d3ae4aa82605dfa07b9f4b26f889

SHA512
a29e9076384ebc9d1a613c37799976f2dd69256cba519ac1d7412e94f21d54126daa821237e215896cb4c0968d668b4f6b6c6fe02ba54482a3789f17579f19a6

Download Submit
memory/2252-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2520-1-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download