5310b41169311c55d3dbdd3bf129510349d4eccac82ebe11ab34be1a291f2916

Analysis

Target

COMMANDE.exe
Size

300KB
MD5

15ed95eaed3d1031c2e7dcc9d129e0f0
SHA1

98148eb8665763ed2b1dafbe2050d4b638f5078f
SHA256

5310b41169311c55d3dbdd3bf129510349d4eccac82ebe11ab34be1a291f2916
SHA512

2bbc1be0e8a703071cc6859b83db4032f92ba234bf4e41b4a221eb29191a208564995b356b24de9727e0abf669a6f79986742be0321249a8d0041abcbd39b341

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

eudupag.exe

pid process

2720 eudupag.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2720	eudupag.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

COMMANDE.exeeudupag.exe

description	pid	process	target process
PID 2224 wrote to memory of 2720	2224	COMMANDE.exe	eudupag.exe
PID 2224 wrote to memory of 2720	2224	COMMANDE.exe	eudupag.exe
PID 2224 wrote to memory of 2720	2224	COMMANDE.exe	eudupag.exe
PID 2720 wrote to memory of 3284	2720	eudupag.exe	eudupag.exe
PID 2720 wrote to memory of 3284	2720	eudupag.exe	eudupag.exe
PID 2720 wrote to memory of 3284	2720	eudupag.exe	eudupag.exe

C:\Users\Admin\AppData\Local\Temp\COMMANDE.exe
"C:\Users\Admin\AppData\Local\Temp\COMMANDE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224

C:\Users\Admin\AppData\Local\Temp\eudupag.exe
C:\Users\Admin\AppData\Local\Temp\eudupag.exe C:\Users\Admin\AppData\Local\Temp\nhddajnigp
3⤵
PID:3284

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

C:\Users\Admin\AppData\Local\Temp\eudupag.exe
MD5
b0864289f09d4f400ff18bccd2fe858e

SHA1
345ac756ae1b5b3230c5032e96bb4976787fc447

SHA256
0bebe910efbed34fe37976921cdece0364c0548ea2938404d3c66287b1b37667

SHA512
32475f1a02bafbe4e0860713d399a22a45fb5137ce8f3a5cb615e54faec87e69a5b4edf006cc9c9aa9edc6d6af3e6ed62e1d733f06bd63867703a3091ed77223

Download Submit
C:\Users\Admin\AppData\Local\Temp\eudupag.exe
MD5
b0864289f09d4f400ff18bccd2fe858e

SHA1
345ac756ae1b5b3230c5032e96bb4976787fc447

SHA256
0bebe910efbed34fe37976921cdece0364c0548ea2938404d3c66287b1b37667

SHA512
32475f1a02bafbe4e0860713d399a22a45fb5137ce8f3a5cb615e54faec87e69a5b4edf006cc9c9aa9edc6d6af3e6ed62e1d733f06bd63867703a3091ed77223

Download Submit
C:\Users\Admin\AppData\Local\Temp\i0bvw9ieywzl0xhhqo1y
MD5
4dcb394819e0edf751119d26b4ff65c8

SHA1
0af4583869297dacf26ddbea8b6598c2d0384386

SHA256
d3dfcdbea4f79f747a95a4353b10e9bbeafe9069915f27e41e4444b8433331a0

SHA512
3a0f9ddd9a8f038d1297c94c7f173391b49d00e67d9893e5f33d4504d93575905af55d329a4d7c5febd5a4000cc530d56a6daa044a672c30162c8bc4106480f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nhddajnigp
MD5
e42f7db839c8b5d49522864853556254

SHA1
0540d291746f405aeb5801fb333e697c8100fe98

SHA256
4f3524205dc82fc76c546010af8c492fdad5dfd49a91cfdb427019a96fa7b20f

SHA512
a95ca20eee536da0dc4ad83b86e5549b4c126b73ae91759a6e93350088d684ec968deb9843c2612aad3c25fc668ec279eef94271a829e4409222a9c08e7bb803

Download Submit