aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc

General

Target

aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe
Size

295KB
MD5

35e2bdf8ec69f9ca0bca535197a729de
SHA1

6992f51d8e4e8dae62bc2f6478a4adae7f9eba34
SHA256

aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc
SHA512

7232e43463649487cae4a06ead56edc548563630f325e450a5681fe5cc39ffd1a2a6ae6ead666d0bf3d3f7263456f641912cf4fe7aea04e2478eaef534844038

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

lkqovoiq.exe

pid process

2300 lkqovoiq.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2300	lkqovoiq.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exelkqovoiq.exe

description	pid	process	target process
PID 4556 wrote to memory of 2300	4556	aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe	lkqovoiq.exe
PID 4556 wrote to memory of 2300	4556	aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe	lkqovoiq.exe
PID 4556 wrote to memory of 2300	4556	aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe	lkqovoiq.exe
PID 2300 wrote to memory of 5040	2300	lkqovoiq.exe	lkqovoiq.exe
PID 2300 wrote to memory of 5040	2300	lkqovoiq.exe	lkqovoiq.exe
PID 2300 wrote to memory of 5040	2300	lkqovoiq.exe	lkqovoiq.exe

C:\Users\Admin\AppData\Local\Temp\aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe
"C:\Users\Admin\AppData\Local\Temp\aae4511c45c0254617b6fd19162092c32773bfbba5bbc406af64e782aa1f06dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556

C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe
C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe C:\Users\Admin\AppData\Local\Temp\ruskol
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2300

C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe
C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe C:\Users\Admin\AppData\Local\Temp\ruskol
3⤵
PID:5040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe
MD5
c9181542b3c1392a8d68f14e677ccd42

SHA1
4b470322716c69aa8bf8bef98f3a73f90921c972

SHA256
9a66c5f412ffb74f4c9ad4954f74001ae241a225a3bc591aeb854c1296eed056

SHA512
2c12c2dc1861bd8d2b611d8ddeb6a92f9cadd93f5fed27042760a8dc9fe8fb08b6a7b7562ebff729c86f5a1b2f8d813ddce95476ac7ea87d4a54199199b4d621

Download Submit
C:\Users\Admin\AppData\Local\Temp\lkqovoiq.exe
MD5
c9181542b3c1392a8d68f14e677ccd42

SHA1
4b470322716c69aa8bf8bef98f3a73f90921c972

SHA256
9a66c5f412ffb74f4c9ad4954f74001ae241a225a3bc591aeb854c1296eed056

SHA512
2c12c2dc1861bd8d2b611d8ddeb6a92f9cadd93f5fed27042760a8dc9fe8fb08b6a7b7562ebff729c86f5a1b2f8d813ddce95476ac7ea87d4a54199199b4d621

Download Submit
C:\Users\Admin\AppData\Local\Temp\od8kuhrmmzrp1u52np5i
MD5
10ca7fc53a9ebf555f4d2110d9e24249

SHA1
0ee055b5812d098634f607742137eec9100274c5

SHA256
602043eb658596d7531f615fe24f346bf9c81ed16c9dda45359c95ff1e7ef5a8

SHA512
5647279d8b96266dee1fbb3396ddd9c3599afa993e85ca42a66b5182d063469d30efe28a6d5536be2b20d86d69aa9dbd1391ffde8854fc8bf2c20c6b1719ad8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ruskol
MD5
2a88e12b7471b4dd42f31e0aed15e05d

SHA1
6c5cc2242d9fb1b77f426b8495c98273326819dc

SHA256
cbfb83205cefb664bf19e3908137002c06c60d49520812e085e9ee8b402bae49

SHA512
77f6b0f29cf0e497730d62b6ec987496e9f02f36427e64f109e319f7534eb43f37314c63fbaa07ff721e9920a751097d577f6c729bccfc537885821e55da14d2

Download Submit
memory/2300-134-0x0000000000000000-mapping.dmp

Download
memory/5040-139-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing