Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 15:14

General

  • Target

    55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe

  • Size

    92KB

  • MD5

    35080adfcfd7b0a77490c537eea2d720

  • SHA1

    f10494f9defea6214cbe9631cdb3b90aa9e29598

  • SHA256

    55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137a

  • SHA512

    934aeb56e8750fbda77fbf8e869e02377540490b056d1591b935ebef2493dbe00d48fa84b78c00b5284e4c09a2d82e40aa68ec97b008fcae075565e378226971

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgpYa:AnBdOOtEvwDpj6zA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe
    "C:\Users\Admin\AppData\Local\Temp\55cc4c2219be1d3772897d7adf8966b64e05eecb74db00a316b41a631c58137aN.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2768

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe

          Filesize

          92KB

          MD5

          6f298d16675c35aa6bd25c0fa697858a

          SHA1

          86f2daf0b26851e02d2d58b2a2d1ff8ff9d77eac

          SHA256

          51407a2e6ffa519cdc07c038256b75166ef49cfe04d1f3e32f45c31720cc04a1

          SHA512

          9b1369b1d0bef0963fb95c46b7a20cfc242416598538740df5a197e6d5f2820e72a0238e0cf7e3561fe5a8a7974b8be55b68683994fa5226c5bc3d264e85facd

        • memory/2328-0-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

        • memory/2328-1-0x00000000004B0000-0x00000000004B6000-memory.dmp

          Filesize

          24KB

        • memory/2328-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

        • memory/2328-2-0x00000000004B0000-0x00000000004B6000-memory.dmp

          Filesize

          24KB

        • memory/2328-13-0x00000000023A0000-0x00000000023AF000-memory.dmp

          Filesize

          60KB

        • memory/2328-17-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

        • memory/2768-18-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

        • memory/2768-20-0x0000000000280000-0x0000000000286000-memory.dmp

          Filesize

          24KB

        • memory/2768-27-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

        • memory/2768-28-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB