Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system -
submitted
07/11/2024, 15:14
Behavioral task
behavioral1
Sample
55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
Resource
win7-20240903-en
General
-
Target
55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
-
Size
92KB
-
MD5
35080adfcfd7b0a77490c537eea2d720
-
SHA1
f10494f9defea6214cbe9631cdb3b90aa9e29598
-
SHA256
55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137a
-
SHA512
934aeb56e8750fbda77fbf8e869e02377540490b056d1591b935ebef2493dbe00d48fa84b78c00b5284e4c09a2d82e40aa68ec97b008fcae075565e378226971
-
SSDEEP
1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgpYa:AnBdOOtEvwDpj6zA
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid   Process
2768  asih.exe
-
Loads dropped DLL 1 IoCs
pid   Process
2328  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
-
resource                                                                     yara_rule
behavioral1/memory/2328-0-0x0000000000500000-0x000000000050F000-memory.dmp   upx
behavioral1/files/0x000c00000001225b-11.dat                                  upx
behavioral1/memory/2768-18-0x0000000000500000-0x000000000050F000-memory.dmp  upx
behavioral1/memory/2328-17-0x0000000000500000-0x000000000050F000-memory.dmp  upx
behavioral1/memory/2768-28-0x0000000000500000-0x000000000050F000-memory.dmp  upx
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  asih.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                    pid   Process                                                                 procid_target
PID 2328 wrote to memory of 2768  2328  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe  31
PID 2328 wrote to memory of 2768  2328  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe  31
PID 2328 wrote to memory of 2768  2328  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe  31
PID 2328 wrote to memory of 2768  2328  55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe  31
Processes
-
C:\Users\Admin\AppData\Local\Temp\55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2328 -
  C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 2328)
  Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2768
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
92KB
MD5
6f298d16675c35aa6bd25c0fa697858a
SHA1
86f2daf0b26851e02d2d58b2a2d1ff8ff9d77eac
SHA256
51407a2e6ffa519cdc07c038256b75166ef49cfe04d1f3e32f45c31720cc04a1
SHA512
9b1369b1d0bef0963fb95c46b7a20cfc242416598538740df5a197e6d5f2820e72a0238e0cf7e3561fe5a8a7974b8be55b68683994fa5226c5bc3d264e85facd