sodinokibi | ad6b1c258c45d7661ef929a5250a69f1a1c7898e90d782772671f3398cb875fb

Analysis

max time kernel
110s
max time network
139s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad6b1c258c45d7661ef929a5250a69f1a1c7898e90d782772671f3398cb875fb.dll
Size

339KB
MD5

7d4c2211f3279201599f9138d6b61162
SHA1

ee410f1d10edc70f8de3b27907fc10fa341f620a
SHA256

ad6b1c258c45d7661ef929a5250a69f1a1c7898e90d782772671f3398cb875fb
SHA512

0057744e1a643152d67f41197d431571bbcd93968727c494c97d7aada6f5824ca668cb3341530ce85d0cb23e0aa1f9dbcc18e162307a6c68ee0df09b3725e3ba

Score

10^/10

sodinokibi ransomware

Malware Config

Signatures

Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
ransomware sodinokibi

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2312 wrote to memory of 3024	2312	rundll32.exe	rundll32.exe
PID 2312 wrote to memory of 3024	2312	rundll32.exe	rundll32.exe
PID 2312 wrote to memory of 3024	2312	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 908	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 908	3024	rundll32.exe	rundll32.exe
PID 3024 wrote to memory of 908	3024	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad6b1c258c45d7661ef929a5250a69f1a1c7898e90d782772671f3398cb875fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad6b1c258c45d7661ef929a5250a69f1a1c7898e90d782772671f3398cb875fb.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:3024

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe"
3⤵
PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3024-115-0x00000000006C0000-0x0000000000718000-memory.dmp

Filesize
352KB

Download
memory/3024-116-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-118-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-117-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-119-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-120-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-121-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-122-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-123-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-124-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-125-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-126-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-127-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-128-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-129-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-130-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-131-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-132-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-133-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-135-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-134-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-137-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-138-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-139-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-136-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-141-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-140-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-142-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-143-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-144-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-145-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-146-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-147-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-148-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-149-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-151-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-150-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-152-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-154-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-155-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-153-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-156-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-157-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-158-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-159-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-160-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-161-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-162-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-163-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-164-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-165-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-166-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-167-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-168-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-169-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-170-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-171-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-172-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-173-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-174-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-175-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-176-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-177-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-178-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download
memory/3024-242-0x00000000008B0000-0x00000000008F1000-memory.dmp

Filesize
260KB

Download