c704ff6e66d4cb482ffd311662801623feec535ab93efdc3a722f28ea61781c6

Resubmissions

27-06-2024 10:22

240627-mee3jsyeqj 10

27-06-2024 10:18

240627-mcbmcayejj 3

Analysis

max time kernel
9s
max time network
1s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fisses242.exe
Size

851KB
MD5

96f5ba27b0197df599f8b3c6a7857649
SHA1

06d21d98d5ff65532104e073d0cb95444a091cf2
SHA256

3ad893089224a6d72a8050457a2d0a3053781e1527c869ce68ce11831f0c81e7
SHA512

36803717cc7546210e63ac78705faa6966370278729d34fb33a1dab171599b6c16b41735697919cfe3aa3c84aa8a19f3139866c53cfe165cf195d39d31a64d8d
SSDEEP

12288:XcIjd3nQIQsk3na+QiH64keTjXmCSXaIVrfllStkVymDqos1ySIpkAtiN:XcIjUna3iFTT+awllSyMCqNNMi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

Fisses242.exe

pid process

1412 Fisses242.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Fisses242.exe

pid process

1412 Fisses242.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Fisses242.exe

description pid process target process

PID 1412 set thread context of 2800 1412 Fisses242.exe Fisses242.exe
Drops file in Windows directory 1 IoCs

Processes:

Fisses242.exe

description ioc process

File opened for modification C:\Windows\reassigned\sandi.ini Fisses242.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

Fisses242.exe

pid process

1412 Fisses242.exe

pid	process
1412	Fisses242.exe

pid	process
1412	Fisses242.exe

description	pid	process	target process
PID 1412 set thread context of 2800	1412	Fisses242.exe	Fisses242.exe

description	ioc	process
File opened for modification	C:\Windows\reassigned\sandi.ini	Fisses242.exe

pid	process
1412	Fisses242.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Fisses242.exe

description	pid	process	target process
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe
PID 1412 wrote to memory of 2800	1412	Fisses242.exe	Fisses242.exe

C:\Users\Admin\AppData\Local\Temp\Fisses242.exe
"C:\Users\Admin\AppData\Local\Temp\Fisses242.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1412

C:\Users\Admin\AppData\Local\Temp\Fisses242.exe
"C:\Users\Admin\AppData\Local\Temp\Fisses242.exe"
2⤵
PID:2800

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst1779.tmp\System.dll
Filesize
11KB

MD5
55a26d7800446f1373056064c64c3ce8

SHA1
80256857e9a0a9c8897923b717f3435295a76002

SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

Download Submit
memory/1412-25-0x0000000077631000-0x0000000077732000-memory.dmp

Filesize
1.0MB

Download
memory/1412-26-0x0000000077630000-0x00000000777D9000-memory.dmp

Filesize
1.7MB

Download
memory/2800-27-0x0000000000400000-0x0000000001462000-memory.dmp

Filesize
16.4MB

Download