c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
22/09/2022, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe
Size

1.3MB
MD5

7ef0594d8fcedc2800b2d40bc98c2301
SHA1

809c8a1a3d5f047624cce62a966ce3ccb2052d97
SHA256

c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848
SHA512

4a18e5771c836299f8a07f0b243bcdf36a2d4ad5269fe3fa39fb19c0d455627d7c6e0bd21feb5ca1a88b0c4fa8c9128a374c2ede96a788bbcbd2839042236cba
SSDEEP

24576:r793eQtxNLxCRR7WhTyfSF9Rjk9A/nxWdoCt/6aWJnbPZ6V7Yx2LlDRT:r71btgz6hTyfyrw9UQoXa4PZ6Vcx2RDp

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
764	IspUSBDirect.exe

Loads dropped DLL 1 IoCs

pid	Process
1872	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1872	1376	c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe	26
PID 1376 wrote to memory of 1872	1376	c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe	26
PID 1376 wrote to memory of 1872	1376	c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe	26
PID 1376 wrote to memory of 1872	1376	c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe	26
PID 1872 wrote to memory of 764	1872	WScript.exe	27
PID 1872 wrote to memory of 764	1872	WScript.exe	27
PID 1872 wrote to memory of 764	1872	WScript.exe	27
PID 1872 wrote to memory of 764	1872	WScript.exe	27

C:\Users\Admin\AppData\Local\Temp\c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe
"C:\Users\Admin\AppData\Local\Temp\c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\upload.vbs"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1872
- - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe
    "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe"
    3⤵
    - Executes dropped EXE
    PID:764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe

Filesize
1.1MB

MD5
54fb66b38fcf7b5f644a0b27f3b28876

SHA1
e9f51a58fecb0d486e5fc4cec180d2bc27988c7a

SHA256
7324c6bb0c44470f5cfb4806a920fe8698b865d5240a04287f9fbd76e17f1c6f

SHA512
e22e48a0513004b7961c3ef5e569845fcbd14ada64de5ed5b410693060143385abce6bed6eb742998a8fe4823cdb615285af80d71c5fe6ae4d940421553be865

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe

Filesize
1.1MB

MD5
54fb66b38fcf7b5f644a0b27f3b28876

SHA1
e9f51a58fecb0d486e5fc4cec180d2bc27988c7a

SHA256
7324c6bb0c44470f5cfb4806a920fe8698b865d5240a04287f9fbd76e17f1c6f

SHA512
e22e48a0513004b7961c3ef5e569845fcbd14ada64de5ed5b410693060143385abce6bed6eb742998a8fe4823cdb615285af80d71c5fe6ae4d940421553be865

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\upload.vbs

Filesize
263B

MD5
9d228f8cfdee65bb623c4fe705279b17

SHA1
aac8fb36c753b1b8b25b99454ca294fd46fa20c7

SHA256
1870cd367e7079dc3978bb0430503cd398b2443f8afc47dac934ba594faa0072

SHA512
17d7424ae97b993653ed1ed1eff6645cb37655d5a60717ae58f9b41e31c7413ce418866eb812562ced162c3c8172fc4e32db981d23909602e222d0a8f24ec022

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe

Filesize
1.1MB

MD5
54fb66b38fcf7b5f644a0b27f3b28876

SHA1
e9f51a58fecb0d486e5fc4cec180d2bc27988c7a

SHA256
7324c6bb0c44470f5cfb4806a920fe8698b865d5240a04287f9fbd76e17f1c6f

SHA512
e22e48a0513004b7961c3ef5e569845fcbd14ada64de5ed5b410693060143385abce6bed6eb742998a8fe4823cdb615285af80d71c5fe6ae4d940421553be865

Download Submit
memory/1376-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download