9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e

Analysis

max time kernel
66s
max time network
67s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2022, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe
Size

1.5MB
MD5

276e4b1f178ddeb7fc19a5ba7c13b923
SHA1

03b613e638bd67e2b20b5653f709d695e9b13891
SHA256

9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e
SHA512

226b1409755ae0073c942d1015ecd69cfded6179f64c7d19b628661bc366fe62455eb853e26262e60e0355710e319ee1916b0d34f3c809d5ee407da1449bd070
SSDEEP

24576:gJr8tE+gHqpBhFTQxqcGC3U4vLJKM5b8BI0IzgoNPdUcaSsKCJGZjG4fe:gJ4N3hOZGC36sb0MaS7Zjk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
5088	rundll32.exe
5088	rundll32.exe
3964	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 3468	2492	9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe	66
PID 2492 wrote to memory of 3468	2492	9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe	66
PID 2492 wrote to memory of 3468	2492	9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe	66
PID 3468 wrote to memory of 5088	3468	control.exe	68
PID 3468 wrote to memory of 5088	3468	control.exe	68
PID 3468 wrote to memory of 5088	3468	control.exe	68
PID 5088 wrote to memory of 3896	5088	rundll32.exe	69
PID 5088 wrote to memory of 3896	5088	rundll32.exe	69
PID 3896 wrote to memory of 3964	3896	RunDll32.exe	70
PID 3896 wrote to memory of 3964	3896	RunDll32.exe	70
PID 3896 wrote to memory of 3964	3896	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe
"C:\Users\Admin\AppData\Local\Temp\9837dc0d72a65ad669ce9d6962cee3b94135039e812683c67662f66becef1f7e.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\SXMEJ.cPL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3468
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\SXMEJ.cPL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\SXMEJ.cPL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3896
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\SXMEJ.cPL",
        5⤵
        Loads dropped DLL
        
        PID:3964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SXMEJ.cPL

Filesize
1.6MB

MD5
a4aeb7df7345370b5104f0b4cade853b

SHA1
b7535638f8b50ff438b54e2464684c49be13e6bf

SHA256
7b2ebad52076c9d958c320c9b72506a2868ad1de471483ed451bc7302e763efc

SHA512
83ab92c9d4e298a016417b8afbda288a558438df8b4c1a07b2f7b9df375e90a7d3fdfc651335b73b1f06c0f4a4a41feda5e9ce9580c2f1412bcab2f046a8e83f

Download Submit
\Users\Admin\AppData\Local\Temp\sXMEJ.cpl

Filesize
1.6MB

MD5
a4aeb7df7345370b5104f0b4cade853b

SHA1
b7535638f8b50ff438b54e2464684c49be13e6bf

SHA256
7b2ebad52076c9d958c320c9b72506a2868ad1de471483ed451bc7302e763efc

SHA512
83ab92c9d4e298a016417b8afbda288a558438df8b4c1a07b2f7b9df375e90a7d3fdfc651335b73b1f06c0f4a4a41feda5e9ce9580c2f1412bcab2f046a8e83f

Download Submit
\Users\Admin\AppData\Local\Temp\sXMEJ.cpl

Filesize
1.6MB

MD5
a4aeb7df7345370b5104f0b4cade853b

SHA1
b7535638f8b50ff438b54e2464684c49be13e6bf

SHA256
7b2ebad52076c9d958c320c9b72506a2868ad1de471483ed451bc7302e763efc

SHA512
83ab92c9d4e298a016417b8afbda288a558438df8b4c1a07b2f7b9df375e90a7d3fdfc651335b73b1f06c0f4a4a41feda5e9ce9580c2f1412bcab2f046a8e83f

Download Submit
\Users\Admin\AppData\Local\Temp\sXMEJ.cpl

Filesize
1.6MB

MD5
a4aeb7df7345370b5104f0b4cade853b

SHA1
b7535638f8b50ff438b54e2464684c49be13e6bf

SHA256
7b2ebad52076c9d958c320c9b72506a2868ad1de471483ed451bc7302e763efc

SHA512
83ab92c9d4e298a016417b8afbda288a558438df8b4c1a07b2f7b9df375e90a7d3fdfc651335b73b1f06c0f4a4a41feda5e9ce9580c2f1412bcab2f046a8e83f

Download Submit
memory/2492-157-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-169-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-123-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-125-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-126-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-128-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-129-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-130-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-131-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-132-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-159-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-134-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-135-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-136-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-137-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-138-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-139-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-140-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-141-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-142-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-143-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-144-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-145-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-146-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-147-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-148-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-149-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-150-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-151-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-152-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-153-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-154-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-155-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-156-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-161-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-158-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-133-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-122-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-121-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-162-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-163-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-164-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-165-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-166-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-167-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-168-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-160-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-171-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-170-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-172-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-173-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-174-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-175-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-176-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-177-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-178-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-179-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-180-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-181-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-182-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-183-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-184-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-185-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2492-120-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/3964-341-0x0000000005470000-0x000000000559F000-memory.dmp

Filesize
1.2MB

Download
memory/3964-342-0x00000000056A0000-0x0000000005798000-memory.dmp

Filesize
992KB

Download
memory/3964-351-0x00000000056A0000-0x0000000005798000-memory.dmp

Filesize
992KB

Download
memory/5088-282-0x0000000004850000-0x000000000497F000-memory.dmp

Filesize
1.2MB

Download
memory/5088-283-0x0000000004A80000-0x0000000004B78000-memory.dmp

Filesize
992KB

Download
memory/5088-352-0x0000000004A80000-0x0000000004B78000-memory.dmp

Filesize
992KB

Download