7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe
Size

19KB
MD5

575608f0778ba22aa191962768bf3050
SHA1

69e61b6eb7b03f260c83338f61a6b7c212cbae5f
SHA256

7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69
SHA512

37b5fa8455f441b0a1f62a4210689c27cf364699c00092b203477d852b0761fba3d3537e196665e8c653aa1a8079303cb8422363e2b2405f46d7686785fd16a0
SSDEEP

384:cm27+pmuMgm4PHgTfhl1IBxRlHzZN2zVkt:l2EMQWlqBxRlHzZN2zm

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1444	laccm.exe

Loads dropped DLL 2 IoCs

pid	Process
1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe
1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1444	1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe	26
PID 1508 wrote to memory of 1444	1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe	26
PID 1508 wrote to memory of 1444	1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe	26
PID 1508 wrote to memory of 1444	1508	7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe	26

C:\Users\Admin\AppData\Local\Temp\7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe
"C:\Users\Admin\AppData\Local\Temp\7dd9cba7a301219bfcb8fdd6cd6f8d87bed29ae271c35e0b203d55703ac3da69.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\laccm.exe
  "C:\Users\Admin\AppData\Local\Temp\laccm.exe"
  2⤵
  - Executes dropped EXE
  PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\laccm.exe

Filesize
19KB

MD5
97a9d674c25344a1293d45b4aa372307

SHA1
cdb79781c09fa424146c33bbe3a56110968864fc

SHA256
82195d279a6f919a96a73304b17b8717221fd02a2b09d11efda650c88bc2e439

SHA512
aa90bde62dffc6d7c883511fe0f97c163726b7552dbe68be302df645b1370075d7dff72127b3979e045908c27754537087381e8b5d36bf71f5bd346c1dcc9bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\laccm.exe

Filesize
19KB

MD5
97a9d674c25344a1293d45b4aa372307

SHA1
cdb79781c09fa424146c33bbe3a56110968864fc

SHA256
82195d279a6f919a96a73304b17b8717221fd02a2b09d11efda650c88bc2e439

SHA512
aa90bde62dffc6d7c883511fe0f97c163726b7552dbe68be302df645b1370075d7dff72127b3979e045908c27754537087381e8b5d36bf71f5bd346c1dcc9bee

Download Submit
\Users\Admin\AppData\Local\Temp\laccm.exe

Filesize
19KB

MD5
97a9d674c25344a1293d45b4aa372307

SHA1
cdb79781c09fa424146c33bbe3a56110968864fc

SHA256
82195d279a6f919a96a73304b17b8717221fd02a2b09d11efda650c88bc2e439

SHA512
aa90bde62dffc6d7c883511fe0f97c163726b7552dbe68be302df645b1370075d7dff72127b3979e045908c27754537087381e8b5d36bf71f5bd346c1dcc9bee

Download Submit
\Users\Admin\AppData\Local\Temp\laccm.exe

Filesize
19KB

MD5
97a9d674c25344a1293d45b4aa372307

SHA1
cdb79781c09fa424146c33bbe3a56110968864fc

SHA256
82195d279a6f919a96a73304b17b8717221fd02a2b09d11efda650c88bc2e439

SHA512
aa90bde62dffc6d7c883511fe0f97c163726b7552dbe68be302df645b1370075d7dff72127b3979e045908c27754537087381e8b5d36bf71f5bd346c1dcc9bee

Download Submit
memory/1444-62-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1508-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1508-55-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download