636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258

Analysis

max time kernel
108s
max time network
113s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/10/2022, 19:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe
Size

1.6MB
MD5

d35484e944c164b7fa969552bf0188cd
SHA1

d3ac293de4b11488f1758d5f52212aa5b6cd866c
SHA256

636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258
SHA512

c70f0e3c6bf63b563569797eac05e978f256792c3933ac7268c6899a1d17c1210b12bafe4e0f03fa8c34b382f5beac25b30923b68ee0bb6ea80916b4e6acb9ed
SSDEEP

49152:gJ4N+diKTvx2SRTCdrdr7/hQz4XV2mI4xwF5:gJ4Ad7TvxeN7/hw6Var

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4432	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 4432	2368	636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe	66
PID 2368 wrote to memory of 4432	2368	636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe	66
PID 2368 wrote to memory of 4432	2368	636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe	66

C:\Users\Admin\AppData\Local\Temp\636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe
"C:\Users\Admin\AppData\Local\Temp\636b0fd7545ec757b73be4ed4fe5cf59fb94416ed8a0f0c31780fefb254ab258.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" -y .\8IXK.Sep
  2⤵
  - Loads dropped DLL
  PID:4432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8IXK.Sep

Filesize
1.5MB

MD5
10c715fa5f87c8238044a3ceddded6e9

SHA1
29b91b0ae1195ede891b040fc2683c3240269fca

SHA256
5bda5bf30bc73a96bf3ac61cf9ff18e26a4b0acb41055fda903918e1fab5bd0d

SHA512
7d3506a7f50a53239051c8c7d2f1c1a510d7341eb585911ec66d4c2f2f5c9b03428f29920ffcd3d3cf51638a7bf29c6044672d3ae775f14bca0dbfb7682c1f87

Download Submit
\Users\Admin\AppData\Local\Temp\8IXK.Sep

Filesize
1.5MB

MD5
10c715fa5f87c8238044a3ceddded6e9

SHA1
29b91b0ae1195ede891b040fc2683c3240269fca

SHA256
5bda5bf30bc73a96bf3ac61cf9ff18e26a4b0acb41055fda903918e1fab5bd0d

SHA512
7d3506a7f50a53239051c8c7d2f1c1a510d7341eb585911ec66d4c2f2f5c9b03428f29920ffcd3d3cf51638a7bf29c6044672d3ae775f14bca0dbfb7682c1f87

Download Submit
memory/2368-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-158-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-159-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-167-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-170-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-173-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-174-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-175-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-176-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-177-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-178-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-179-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-180-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-181-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-182-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-183-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-184-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/2368-185-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/4432-236-0x0000000004E70000-0x0000000004F83000-memory.dmp

Filesize
1.1MB

Download
memory/4432-237-0x00000000050A0000-0x00000000051AE000-memory.dmp

Filesize
1.1MB

Download
memory/4432-244-0x00000000050A0000-0x00000000051AE000-memory.dmp

Filesize
1.1MB

Download