e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61

Analysis

max time kernel
55s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2022, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe
Size

1.5MB
MD5

df17ed29ce07c454a55143e54d0438ea
SHA1

386806688bdc44dccfbb8314ad68a5597b4407c2
SHA256

e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61
SHA512

a0c192f836c98197d0b1ee4b89e21b6addfa649041c876c407e4e4f79c4248d18f396cbedc352aaaf72f17b87a58a85669378e952cd3c43aa3d5553761eb55aa
SSDEEP

24576:gJr8tE+gHqTYt8DB6yQuKb+e0OXU7J1WyuN2KfqrGSl9rhmH/8v1qTuokwxjzp:gJ4N081NNt7J82Kfqrnlf6kvITuoNx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5000	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 5000	2696	e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe	66
PID 2696 wrote to memory of 5000	2696	e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe	66
PID 2696 wrote to memory of 5000	2696	e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe	66

C:\Users\Admin\AppData\Local\Temp\e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe
"C:\Users\Admin\AppData\Local\Temp\e79379ad28d4feccf72230cb2d3d9741df8e49db94f9ed0443add81e75698f61.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" -y .\DAhz.sQ_
  2⤵
  - Loads dropped DLL
  PID:5000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DAhz.sQ_

Filesize
1.7MB

MD5
18a9af5f9ed2781cea92ef917a19eb11

SHA1
aaa3b4c068dad9e67ed72f465ca46324e2b87428

SHA256
cd7fbb8d8ac79f4c5845e1ccf63f0166d78c2e28676f17510b0d939b2070f297

SHA512
bdd0d0cabb8f20cf626aee683d0f94547037fbddb72a895074a3bd99a4a008ee8f28ebd65bd9f255b35914558d77815d7a7581460d38cb0a341bcd0e29927ad5

Download Submit
\Users\Admin\AppData\Local\Temp\dahz.sQ_

Filesize
1.7MB

MD5
18a9af5f9ed2781cea92ef917a19eb11

SHA1
aaa3b4c068dad9e67ed72f465ca46324e2b87428

SHA256
cd7fbb8d8ac79f4c5845e1ccf63f0166d78c2e28676f17510b0d939b2070f297

SHA512
bdd0d0cabb8f20cf626aee683d0f94547037fbddb72a895074a3bd99a4a008ee8f28ebd65bd9f255b35914558d77815d7a7581460d38cb0a341bcd0e29927ad5

Download Submit
memory/2696-116-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-117-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-118-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-119-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-121-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-122-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-124-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-125-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-129-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-133-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-132-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-135-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-134-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-131-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-137-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-136-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-130-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-128-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-127-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-126-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-138-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-139-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-140-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-141-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-142-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-143-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-144-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-145-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-146-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-147-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-148-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-149-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-150-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-151-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-152-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-153-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-154-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-155-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-156-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-157-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-158-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-159-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-160-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-161-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-162-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-163-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-164-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-165-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-166-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-167-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-169-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-168-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-170-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-171-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-172-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-173-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-174-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-175-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-176-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-177-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-178-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-179-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-180-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2696-181-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/5000-232-0x0000000005430000-0x0000000005548000-memory.dmp

Filesize
1.1MB

Download
memory/5000-233-0x0000000005640000-0x0000000005725000-memory.dmp

Filesize
916KB

Download
memory/5000-240-0x0000000005640000-0x0000000005725000-memory.dmp

Filesize
916KB

Download