881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66

Analysis

max time kernel
85s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
Size

521KB
MD5

6cee4e27e3be3b647346107a1a9403b0
SHA1

8f450b7e3821d496541c14b7f47465bfb90bb0f5
SHA256

881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66
SHA512

c8657e451978bd0cd3c614d65c35edaba1b148510a26faf86f8130874317be691a43284bcc9cbe40e590c7baac4cacf5810704c9b8a174643ec69c25c654b044
SSDEEP

12288:ErMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9VJ:2ZyCA8CBmn+RrNj9ay5IJ

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gkeytool.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\Integration\gIntegrator.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\gelevation_service.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\notification_helper.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjps.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\gjabswitch.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\7-Zip\7zFM.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\gOSE.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\grmiregistry.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gappletviewer.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjava.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjavap.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\gOSE.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjinfo.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\gFLTLDR.EXE	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\gelevation_service.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\gLICLUA.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\gAppVDllSurrogate32.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\gAppSharingHookController.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Windows Mail\wab.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Windows Media Player\setup_wm.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gwsimport.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\gcom.oracle.jmc.executable.win32.win32.x86_64_5.5.0	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\gAppSharingHookController.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjava.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\gIntegratedOffice.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\RCXC253.tmp	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gkinit.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\gchrome_pwa_launcher.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\gjavadoc.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\orbd.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\RCXD175.tmp	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Google\Chrome\Application\gchrome_proxy.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\Office16\gOSPPREARM.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\gFLTLDR.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gappletviewer.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\gjstat.ico	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bfsvc.exe	881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe
"C:\Users\Admin\AppData\Local\Temp\881715ae4d194cd6f4a7ab9aed0cd18d3abae0f342421e4028bc407bea420e66.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4596-132-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4596-133-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download