9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b

Analysis

max time kernel
64s
max time network
67s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
26/10/2022, 08:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe
Size

1.7MB
MD5

197b7e8022ee311a64e6b61db134b0ee
SHA1

9e098f78107958a35a18533c3bb730cafa952e34
SHA256

9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b
SHA512

fb575f8727dc555f5bf66324ae87044f2728f13e7f7063bca996a0ee8aa475a16cd17c6d4fcb25df95fa6f4303923e6626dddb4a2872bf184003d29037340982
SSDEEP

49152:NsW9JP7HPpt8ZtMiUJ55VV3ZEdY67qzBLj4c:uU7HPD8ZqTjZEdY8qzBj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1316	rundll32.exe
4260	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 3544	2484	9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe	66
PID 2484 wrote to memory of 3544	2484	9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe	66
PID 2484 wrote to memory of 3544	2484	9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe	66
PID 3544 wrote to memory of 1316	3544	control.exe	67
PID 3544 wrote to memory of 1316	3544	control.exe	67
PID 3544 wrote to memory of 1316	3544	control.exe	67
PID 1316 wrote to memory of 4876	1316	rundll32.exe	68
PID 1316 wrote to memory of 4876	1316	rundll32.exe	68
PID 4876 wrote to memory of 4260	4876	RunDll32.exe	69
PID 4876 wrote to memory of 4260	4876	RunDll32.exe	69
PID 4876 wrote to memory of 4260	4876	RunDll32.exe	69

C:\Users\Admin\AppData\Local\Temp\9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe
"C:\Users\Admin\AppData\Local\Temp\9436dcba706cabd943983e1b34a3e7ee7a5c2c2e45b467a208cd4582828f093b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" .\Vl2Z.o
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\Vl2Z.o
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\Vl2Z.o
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4876
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\Vl2Z.o
        5⤵
        Loads dropped DLL
        
        PID:4260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Vl2Z.o

Filesize
2.9MB

MD5
33c44938ccc3b83eb947d49410a88426

SHA1
2bbeb843192a99f8f5b2ea12f186a0857ce549f0

SHA256
fdae563df4804d901283360cc8833a83e02ba305c9f2d9c82acee97b87f6627e

SHA512
ad1f5c4fdc523dfc545d2a3a0dff7f74a1f3d368e04b02a8a3c9627eb6b012ce3fe67342f4afa963a3f45ca62145856475e018d5c10b360c5286709d10511cbd

Download Submit
\Users\Admin\AppData\Local\Temp\vl2Z.o

Filesize
2.9MB

MD5
33c44938ccc3b83eb947d49410a88426

SHA1
2bbeb843192a99f8f5b2ea12f186a0857ce549f0

SHA256
fdae563df4804d901283360cc8833a83e02ba305c9f2d9c82acee97b87f6627e

SHA512
ad1f5c4fdc523dfc545d2a3a0dff7f74a1f3d368e04b02a8a3c9627eb6b012ce3fe67342f4afa963a3f45ca62145856475e018d5c10b360c5286709d10511cbd

Download Submit
\Users\Admin\AppData\Local\Temp\vl2Z.o

Filesize
2.9MB

MD5
33c44938ccc3b83eb947d49410a88426

SHA1
2bbeb843192a99f8f5b2ea12f186a0857ce549f0

SHA256
fdae563df4804d901283360cc8833a83e02ba305c9f2d9c82acee97b87f6627e

SHA512
ad1f5c4fdc523dfc545d2a3a0dff7f74a1f3d368e04b02a8a3c9627eb6b012ce3fe67342f4afa963a3f45ca62145856475e018d5c10b360c5286709d10511cbd

Download Submit
memory/1316-275-0x0000000004D70000-0x0000000004FFE000-memory.dmp

Filesize
2.6MB

Download
memory/1316-276-0x0000000005150000-0x0000000005298000-memory.dmp

Filesize
1.3MB

Download
memory/1316-348-0x0000000005150000-0x0000000005298000-memory.dmp

Filesize
1.3MB

Download
memory/2484-153-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-154-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-124-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-125-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-126-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-127-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-128-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-129-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-130-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-131-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-132-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-133-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-134-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-135-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-136-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-137-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-138-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-139-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-140-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-141-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-142-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-143-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-144-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-145-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-146-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-147-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-148-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-150-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-149-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-151-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-152-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-122-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-157-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-155-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-123-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-156-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-171-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-159-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-160-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-161-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-162-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-163-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-164-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-165-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-166-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-168-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-167-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-169-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-170-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-158-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-172-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-173-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-174-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-175-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-176-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-177-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-178-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-179-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-180-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-181-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-120-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/2484-121-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/3544-184-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/3544-183-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4260-334-0x0000000005260000-0x00000000054EE000-memory.dmp

Filesize
2.6MB

Download
memory/4260-335-0x0000000005640000-0x0000000005788000-memory.dmp

Filesize
1.3MB

Download
memory/4260-336-0x0000000005260000-0x00000000054EE000-memory.dmp

Filesize
2.6MB

Download
memory/4260-345-0x0000000005640000-0x0000000005788000-memory.dmp

Filesize
1.3MB

Download