0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105

Analysis

max time kernel
110s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 13:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe
Size

56KB
MD5

6eb46f37008f884a5ec1c25075abfc10
SHA1

2a52ede84d00e1c815a48169d758260ede2c28ae
SHA256

0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105
SHA512

9034c86f3274b6ee444193f783dfa4083c83fd228f976e3901df97780d7d7cda05bb6064da730f3d293dafaacfa52efd5d61ebebd43abeb26967f1f073cb9af5
SSDEEP

1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb6148:BbdDmjr+OtEvwDpjMP

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2300	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2868	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asih.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2300	2868	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe	28
PID 2868 wrote to memory of 2300	2868	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe	28
PID 2868 wrote to memory of 2300	2868	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe	28
PID 2868 wrote to memory of 2300	2868	0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe	28

C:\Users\Admin\AppData\Local\Temp\0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe
"C:\Users\Admin\AppData\Local\Temp\0b2690ae2009245da84be2c25f8c2043a436960df2f21582edfb2e5f39644105N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
a3089b7a299072b0a7ff2f3292533554

SHA1
246f5df95372d7f06c78787b84c283e577aa47c1

SHA256
9e8225aa51a694e6fec60c7f0ae92a8e318dcf9eeaa285f5a442737e9502b7b0

SHA512
b11d2941ba77df78dc2dda5ccd9166a42423799f5ee844925e2c8548abb7aabaf91e4c63ef2e8bcde0da777870524e4bd4e90d016b1a72dadf3cb291ebfd1717

Download Submit
memory/2300-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2300-19-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download
memory/2300-26-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2300-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2868-1-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2868-9-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2868-8-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2868-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2868-14-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download