f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb

Analysis

max time kernel
12s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe
Size

2.8MB
MD5

5b32ed7cfc5886c51f59ced1b1821ca3
SHA1

a0d1d20cd30ec9a7b726045cc09f7c28e78d1004
SHA256

f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb
SHA512

7b2627425501dffd5d452e9d816492ef0abc2ec1f3518a809016bc327e3c6d208d21cb937d57f87ebaf08c8daaf54a238f7fd69900c2b3efc2d9fffb81736e64
SSDEEP

49152:uFpraeZW64Alas2vv6/UccgISzO5BHyejmGH3eW7OULqS0VZLhATnZZC29An8gou:+pXZW64AFMvQ7aty3AH90HWT7CMA8g/d

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4876	LookMyPC.exe

Loads dropped DLL 1 IoCs

pid	Process
4876	LookMyPC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4876	LookMyPC.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4876	LookMyPC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4876	LookMyPC.exe
4876	LookMyPC.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 4876	1972	f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe	79
PID 1972 wrote to memory of 4876	1972	f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe	79
PID 1972 wrote to memory of 4876	1972	f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe	79

C:\Users\Admin\AppData\Local\Temp\f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe
"C:\Users\Admin\AppData\Local\Temp\f1acb5c231c8de11844777429d47113dd5b042a5af4e7e30303c1f2ba8acbefb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\LookMyPC\LookMyPC.exe
  C:\Users\Admin\AppData\Local\Temp\LookMyPC\LookMyPC.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LookMyPC\LookMyPC.exe

Filesize
176KB

MD5
2cdd52b53bcd5a48b6dbe39e74d9bfc7

SHA1
47d7e41df83e06dcb9057596b93d3e302d5db544

SHA256
63fc053dda0c9008427f94c1b667f4450ea9183664dd1bacb442c474eafac435

SHA512
791265997f1056fcc9dd423e7abfb0254406a2cc18caa2056ec35fa485376f4621a7f8c018c1ca9a681e80de48059a531e15947c7dfd49a4063ed8730a6f76c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\LookMyPC\LookMyPC.exe

Filesize
176KB

MD5
2cdd52b53bcd5a48b6dbe39e74d9bfc7

SHA1
47d7e41df83e06dcb9057596b93d3e302d5db544

SHA256
63fc053dda0c9008427f94c1b667f4450ea9183664dd1bacb442c474eafac435

SHA512
791265997f1056fcc9dd423e7abfb0254406a2cc18caa2056ec35fa485376f4621a7f8c018c1ca9a681e80de48059a531e15947c7dfd49a4063ed8730a6f76c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\LookMyPC\NNScreen.dll

Filesize
440KB

MD5
a153bce26370dc5933ce0fdb97cc8d05

SHA1
9b788096a77b5309d7b8d6db5e649ae4564c4390

SHA256
42950aa61a4ab08f172e9687a161404fffbdd4e058ea15d92e32c40a151bb7c1

SHA512
ca94fa2ed3e6b64a67d50d64773b08baa8ee45626e26ce88171a3dcd7105513171bab9c458aad046bea97915a3ecbe84da15b856a672e56d10d0d22e3e38d8f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LookMyPC\NNScreen.dll

Filesize
440KB

MD5
a153bce26370dc5933ce0fdb97cc8d05

SHA1
9b788096a77b5309d7b8d6db5e649ae4564c4390

SHA256
42950aa61a4ab08f172e9687a161404fffbdd4e058ea15d92e32c40a151bb7c1

SHA512
ca94fa2ed3e6b64a67d50d64773b08baa8ee45626e26ce88171a3dcd7105513171bab9c458aad046bea97915a3ecbe84da15b856a672e56d10d0d22e3e38d8f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LookMyPC\user.ini

Filesize
57B

MD5
025d4cd32b92c8f79eaeede077bc0737

SHA1
1d3f3a3d388525998bd333cec1f24003ca92ca70

SHA256
56118cf30c4c51497812474d794159de1bfa834139dc913e7e9dbb77214aeea5

SHA512
39b01f945538f1270e61261450aca659d83ae7f0c77db43016f3a42d6fc2311781f6d758fe763f06d37b9ea1edc77909278ecf5899fe156b2c72ae8916dc69a0

Download Submit
memory/4876-132-0x0000000000000000-mapping.dmp

Download