7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538

Analysis

max time kernel
57s
max time network
145s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
26/10/2022, 19:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe
Size

1.7MB
MD5

12bb7fe4ce2ea0486d45771dd06e71b6
SHA1

6a7aacdbaa84d421ad33a00744d1cc9143f0f250
SHA256

7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538
SHA512

beeaea64d98b1bef292e7ff6d777a2266a607f40a7438212662a54bc73547c99171f4894d72a6c7007e792669922b2aaa10b1958be7e361d007724fb7bc69e12
SSDEEP

24576:VJr8tEZgHqB1RlZg1NMz1V6275l13qtVO2tyDsdCtdsMMpSIqCe2I:VJ4oB1jazMzm275+1MsqZzCe2I

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4768	rundll32.exe
4768	rundll32.exe
4672	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 4716	388	7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe	66
PID 388 wrote to memory of 4716	388	7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe	66
PID 388 wrote to memory of 4716	388	7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe	66
PID 4716 wrote to memory of 4768	4716	control.exe	68
PID 4716 wrote to memory of 4768	4716	control.exe	68
PID 4716 wrote to memory of 4768	4716	control.exe	68
PID 4768 wrote to memory of 4696	4768	rundll32.exe	69
PID 4768 wrote to memory of 4696	4768	rundll32.exe	69
PID 4696 wrote to memory of 4672	4696	RunDll32.exe	70
PID 4696 wrote to memory of 4672	4696	RunDll32.exe	70
PID 4696 wrote to memory of 4672	4696	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe
"C:\Users\Admin\AppData\Local\Temp\7efc91719274086ec6d638f73928ecbe1b6ca4101d994ef114bafb92dffb2538.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\ZOWK3EEJ.CPl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\ZOWK3EEJ.CPl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\ZOWK3EEJ.CPl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4696
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\ZOWK3EEJ.CPl",
        5⤵
        Loads dropped DLL
        
        PID:4672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZOWK3EEJ.CPl

Filesize
2.8MB

MD5
6ee35537d78675151a9df36c45a124f3

SHA1
a2e1389cb0acc072f1b694ca5d6c243ab15a9a9b

SHA256
7ef3a4ce8f57f7b5ac3949de3e66c1f2faafee3470a8628b50bc608f8835df1f

SHA512
48c527241555095c91384523b3407635bb3efa5c71cc6e5f9a837876513ff02061ef83590a5892db052e282261242807277d3a1c96f8d4c153acd90b1deb2d45

Download Submit
\Users\Admin\AppData\Local\Temp\ZOwK3eEJ.cpl

Filesize
2.8MB

MD5
6ee35537d78675151a9df36c45a124f3

SHA1
a2e1389cb0acc072f1b694ca5d6c243ab15a9a9b

SHA256
7ef3a4ce8f57f7b5ac3949de3e66c1f2faafee3470a8628b50bc608f8835df1f

SHA512
48c527241555095c91384523b3407635bb3efa5c71cc6e5f9a837876513ff02061ef83590a5892db052e282261242807277d3a1c96f8d4c153acd90b1deb2d45

Download Submit
\Users\Admin\AppData\Local\Temp\ZOwK3eEJ.cpl

Filesize
2.8MB

MD5
6ee35537d78675151a9df36c45a124f3

SHA1
a2e1389cb0acc072f1b694ca5d6c243ab15a9a9b

SHA256
7ef3a4ce8f57f7b5ac3949de3e66c1f2faafee3470a8628b50bc608f8835df1f

SHA512
48c527241555095c91384523b3407635bb3efa5c71cc6e5f9a837876513ff02061ef83590a5892db052e282261242807277d3a1c96f8d4c153acd90b1deb2d45

Download Submit
\Users\Admin\AppData\Local\Temp\ZOwK3eEJ.cpl

Filesize
2.8MB

MD5
6ee35537d78675151a9df36c45a124f3

SHA1
a2e1389cb0acc072f1b694ca5d6c243ab15a9a9b

SHA256
7ef3a4ce8f57f7b5ac3949de3e66c1f2faafee3470a8628b50bc608f8835df1f

SHA512
48c527241555095c91384523b3407635bb3efa5c71cc6e5f9a837876513ff02061ef83590a5892db052e282261242807277d3a1c96f8d4c153acd90b1deb2d45

Download Submit
memory/388-152-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-165-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-118-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-120-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-121-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-123-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-124-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-127-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-126-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-128-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-155-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-130-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-129-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-131-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-132-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-133-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-134-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-135-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-136-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-137-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-138-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-139-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-140-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-141-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-142-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-143-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-144-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-145-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-146-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-147-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-148-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-149-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-150-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-151-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-157-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-154-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-125-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-117-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-116-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-159-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-158-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-156-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-160-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-161-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-162-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-163-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-153-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-168-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-169-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-167-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-166-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-170-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-164-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-171-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-173-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-172-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-174-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-175-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-176-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-177-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-179-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-180-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-178-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-115-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4672-336-0x0000000005250000-0x0000000005385000-memory.dmp

Filesize
1.2MB

Download
memory/4672-335-0x0000000004EA0000-0x0000000005108000-memory.dmp

Filesize
2.4MB

Download
memory/4672-345-0x0000000005250000-0x0000000005385000-memory.dmp

Filesize
1.2MB

Download
memory/4768-276-0x0000000004AB0000-0x0000000004D18000-memory.dmp

Filesize
2.4MB

Download
memory/4768-277-0x0000000004E60000-0x0000000004F95000-memory.dmp

Filesize
1.2MB

Download
memory/4768-347-0x0000000004E60000-0x0000000004F95000-memory.dmp

Filesize
1.2MB

Download