85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df

Analysis

max time kernel
124s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe
Size

1.1MB
MD5

40edff786a13bc885ce77a9dd62818e0
SHA1

8addc969511b6fc14c4e8a5290cf4d678109905b
SHA256

85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df
SHA512

ddbb265596a84d2cebced3473513a309401f29712294713a2f114c00a903a0d5a4bbd9c1c7de3f26ffa30116719823060826ac6d2b64d1b9b5ff648a3752b21a
SSDEEP

24576:RWvknOMEfgOCK15JS02rfBvJneBrmWt8azQ6S+HkR6b9HsDZrD+M:RUeOMmBJSDrfBvJeBr0X+EcN0rD+M

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4232	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4232	5040	85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe	81
PID 5040 wrote to memory of 4232	5040	85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe	81
PID 5040 wrote to memory of 4232	5040	85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe	81

C:\Users\Admin\AppData\Local\Temp\85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe
"C:\Users\Admin\AppData\Local\Temp\85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Users\Admin\AppData\Local\Temp\a2aDbWHA8d\Mr3oaiCB\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2aDbWHA8d\Mr3oaiCB\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2aDbWHA8d\Mr3oaiCB\Setup.exe

Filesize
1.1MB

MD5
40edff786a13bc885ce77a9dd62818e0

SHA1
8addc969511b6fc14c4e8a5290cf4d678109905b

SHA256
85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df

SHA512
ddbb265596a84d2cebced3473513a309401f29712294713a2f114c00a903a0d5a4bbd9c1c7de3f26ffa30116719823060826ac6d2b64d1b9b5ff648a3752b21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2aDbWHA8d\Mr3oaiCB\Setup.exe

Filesize
1.1MB

MD5
40edff786a13bc885ce77a9dd62818e0

SHA1
8addc969511b6fc14c4e8a5290cf4d678109905b

SHA256
85d4bac27db252187b21a3c9995f60bdf2f401224abd3396fac187eae130a3df

SHA512
ddbb265596a84d2cebced3473513a309401f29712294713a2f114c00a903a0d5a4bbd9c1c7de3f26ffa30116719823060826ac6d2b64d1b9b5ff648a3752b21a

Download Submit
memory/4232-815-0x00000000020B1000-0x0000000002141000-memory.dmp

Filesize
576KB

Download
memory/4232-941-0x00000000020B1000-0x0000000002141000-memory.dmp

Filesize
576KB

Download
memory/5040-176-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-180-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-138-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-139-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-140-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-141-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-142-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-143-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-144-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-146-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-147-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-145-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-148-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-149-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-150-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-151-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-152-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-153-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-154-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-156-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-159-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-160-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-163-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-166-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-169-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-172-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-175-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-132-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-177-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-174-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-133-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-173-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-186-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-168-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-167-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-165-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-171-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-183-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-182-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-181-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-179-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-178-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-164-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-184-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-185-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-188-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-191-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-190-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-189-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-193-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-194-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-195-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-192-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-187-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-170-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-162-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-161-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-158-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-157-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-155-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/5040-383-0x0000000002231000-0x00000000022C1000-memory.dmp

Filesize
576KB

Download
memory/5040-942-0x0000000002231000-0x00000000022C1000-memory.dmp

Filesize
576KB

Download