f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad

Analysis

Target

67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
Size

1.0MB
MD5

67d11389f8d2c4dc8a0fd1cf62dec2aa
SHA1

f0f1e579c6740b18855adc02bc8c800667648d9c
SHA256

f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad
SHA512

4bda7f26e015fca265d2b201351b93369d30ef4ab08e2d759ac29a67a485b62f723daf6ee570005ea42d4d2ea47e961ed8ae9c5383ac114e3aa5b9732c0d200e

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

umpqpe.pif

pid process

4036 umpqpe.pif
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4036	umpqpe.pif

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

67d11389f8d2c4dc8a0fd1cf62dec2aa.exe

description	pid	process	target process
PID 3804 wrote to memory of 4036	3804	67d11389f8d2c4dc8a0fd1cf62dec2aa.exe	umpqpe.pif
PID 3804 wrote to memory of 4036	3804	67d11389f8d2c4dc8a0fd1cf62dec2aa.exe	umpqpe.pif
PID 3804 wrote to memory of 4036	3804	67d11389f8d2c4dc8a0fd1cf62dec2aa.exe	umpqpe.pif

C:\Users\Admin\AppData\Local\Temp\67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
"C:\Users\Admin\AppData\Local\Temp\67d11389f8d2c4dc8a0fd1cf62dec2aa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3804

C:\Users\Admin\91823219\umpqpe.pif
"C:\Users\Admin\91823219\umpqpe.pif" gxvdsxoiqj.hob
2⤵
- Executes dropped EXE
PID:4036

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

C:\Users\Admin\91823219\umpqpe.pif
MD5
e1f85da023a9f5784e38a37c16c777e6

SHA1
6623fe6bb1903311cfa96ebdcd25822bc4f221ef

SHA256
f4ca36a5e6c02acd6897ffdcaed69f1767ff05a99b2042b218171886b88af162

SHA512
28e0a435eb27ca8653a767383a8b16d13f9c0f37e93a4dc814da02ad21c2e85f2efd9df80915437a4768dbe5b107741ba9451754f479340dfc6db2e7b15d55ba

Download Submit
memory/4036-115-0x0000000000000000-mapping.dmp

Download