b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971

Analysis

max time kernel
100s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2022, 20:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
Size

18.2MB
MD5

bb6b3c14abb4ae211d2d74fda2cbca52
SHA1

f98c411e798625e92e6825ff89c42d97186f4929
SHA256

b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971
SHA512

8bf013bc9ec7bd6e96b477262d319c71cacaeb0a81bc860358792692181e03197ae52357f39c060d44106e77aceb1bb27e76c18e5d378f90013aa2acd96515f6
SSDEEP

393216:Y8KAEvQrx8XpUrWmylX4/WY1YkJMwBC1ohKfOBzbqLcp:CAwQyWrlgY1YkJpCCKfOhbqLcp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
4920	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe

Drops file in Program Files directory 41 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\Microsoft.VC90.CRT.manifest	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\NodeMapData_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\log4cpp_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcr90.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\GCBase_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvProducerGEV.cti	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvUsb3vTL.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\XmlParser_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvProducerU3V.cti	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\avcodec-57.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcr100.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\UninstRuntime_x64.exe	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\CLAllSerial_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\FormatConversion.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MVGigEVisionSDK.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MediaProcess.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcm90.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MathParser_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\avfilter-6.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\avutil-55.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcp90.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\libmmd.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\pthreadGC2.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\CLProtocol\Win64_x64\GenCP_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\CLProtocol_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\CLSerCOM.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvRender.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\avdevice-57.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\pthreadVC2.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\GenApi_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\Log_MD_VC120_v3_0_MVS_v3_1_0.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvDSS2.ax	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\avformat-57.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcp120.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\msvcr120.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\swscale-4.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\Microsoft.VC90.DebugCRT.manifest	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvCamLVision.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvCameraControl.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvCameraControlWrapper.dll	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
File created	C:\Program Files (x86)\Common Files\iDatum\Runtime\Win64_x64\MvDSS.ax	b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe
"C:\Users\Admin\AppData\Local\Temp\b8acb50e41495447c6a71c3989f8900fb2377888297461740bfdcfe6320ed971.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:4920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\InstallOptions.dll

Filesize
15KB

MD5
720304c57dcfa17751ed455b3bb9c10a

SHA1
59a1c3a746de10b8875229ff29006f1fd36b1e41

SHA256
6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9

SHA512
c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\LogEx.dll

Filesize
44KB

MD5
0f96d9eb959ad4e8fd205e6d58cf01b8

SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f

SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314

SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\LogEx.dll

Filesize
44KB

MD5
0f96d9eb959ad4e8fd205e6d58cf01b8

SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f

SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314

SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso77A7.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
memory/4920-135-0x00000000024C1000-0x00000000024C3000-memory.dmp

Filesize
8KB

Download
memory/4920-138-0x0000000005290000-0x000000000529C000-memory.dmp

Filesize
48KB

Download
memory/4920-143-0x0000000003261000-0x0000000003263000-memory.dmp

Filesize
8KB

Download