2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101

Analysis

max time kernel
61s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe
Size

4.2MB
MD5

789c0afd62c09b0bf2cef650b9f68bd8
SHA1

f1731af4afbd8f90f48e6e2fb5249967ac7a7e07
SHA256

2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101
SHA512

82632743b6d3e85916d7131bae73e538be91dd909070ae2c17ffd9135d0ad0568585a560e733a771b04d9754cf5d836ae1061fbe20c7b5a58e6b904940c30719
SSDEEP

98304:qNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYK:Mi5hjGagTR34ilkPQ2AYXnWK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe
"C:\Users\Admin\AppData\Local\Temp\2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe"
1⤵
PID:4288
- C:\Windows\SysWOW64\7z.exe
  "7z.exe" x -p1234 sysfiles.7z
  2⤵
  PID:1236
- C:\Windows\SysWOW64\sysfiles\rutserv.exe
  "C:\Windows\system32\sysfiles\rutserv.exe" /silentinstall
  2⤵
  PID:3640
- C:\Windows\SysWOW64\sysfiles\rutserv.exe
  "C:\Windows\system32\sysfiles\rutserv.exe" /firewall
  2⤵
  PID:4028
- C:\Windows\SysWOW64\sysfiles\rutserv.exe
  "C:\Windows\system32\sysfiles\rutserv.exe" /start
  2⤵
  PID:2004

C:\Windows\SysWOW64\sysfiles\rutserv.exe
C:\Windows\SysWOW64\sysfiles\rutserv.exe
1⤵
PID:2164
- C:\Windows\SysWOW64\sysfiles\rfusclient.exe
  C:\Windows\SysWOW64\sysfiles\rfusclient.exe /tray
  2⤵
  PID:240
- C:\Windows\SysWOW64\sysfiles\rfusclient.exe
  C:\Windows\SysWOW64\sysfiles\rfusclient.exe
  2⤵
  PID:2356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjC45A.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC45A.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC45A.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjC45A.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Windows\SysWOW64\7z.dll

Filesize
21KB

MD5
28f13283785e3bb3636643121cfc9fe7

SHA1
354954e6caca739e2956175f4bcf5a5566ad62fc

SHA256
b7daf4c76da17a4964292e55d75d18ff60488ac3cbe132a5889c9e5ef9b0a111

SHA512
e40d7d0bb9e674f87ea22d62c74f206f04b5c6104f3ec113779b6de1f6dfcf34f4ddbff0adda8b0655522d40a1369434b4d29e74f682301ac9a8fc9988bffe44

Download Submit
C:\Windows\SysWOW64\7z.dll

Filesize
22KB

MD5
30d69dd401eb63792c2c247e26cace6f

SHA1
304e729ed47eb5a458716e0daee04f0463679562

SHA256
fbe7cf4d661314579eefc117618dc85eba33c3e49460b4ff767eefe2250894e7

SHA512
77a0cdfe2f778045bc20620c829a1b2dd5834b6e4a2959d4ffe542f360e7d10391e87a6b6919e50b1a3d420981f8d299a8c3bfa654cce7ee9d04add24756c136

Download Submit
C:\Windows\SysWOW64\7z.exe

Filesize
25KB

MD5
93573400dbf361084e3f7bff4769c525

SHA1
33e6ce8226f8fec6955725490d8ff5f7df5b6546

SHA256
b769661e9ece391fe86750b94147e9900af408a4cf29b88ba704daa0edafdf45

SHA512
f0bf659ec19a6356a88a5c53cdb468564be39375d664a603741f4f006ab5829f7cca63d6879c95dd8f0959f9ff6debb4891bc6107a83534bb424e98d0fe507e0

Download Submit
C:\Windows\SysWOW64\7z.exe

Filesize
23KB

MD5
8eb9a05f0e60e201b76a321a3ee7ec03

SHA1
feb253cf2640e2944230114d58ef129eebbde723

SHA256
a8ea6a5aa8a11107f7dd64e98873a85ffb558a081845140f859f1e00f18c6393

SHA512
bc2351bca62c63ef9a357444e83b9bb9deaeeab299fa19df13ea87fc26ea44a6eede0f79d71ffe45d0d93af6b5e897b5a11c752f432c3a1cadc5f437668b29ed

Download Submit
C:\Windows\SysWOW64\sysfiles.7z

Filesize
14KB

MD5
467ffe19dddba5b355710cc8951b9e7f

SHA1
30d4aa7eafde5219ff74879a30a6393ee72792f3

SHA256
742d9294f907d4945a78ef673241b42fd5eff189b8802b7d575d851481b09ba0

SHA512
d04deec27cbf5e8f552a30d4d8aba9dae3e854f3281500fce0b07fd16be16fbe96d97e081873032867fd63c678b6a5a029b344373dc7d9fd5c959a28606ef583

Download Submit
C:\Windows\SysWOW64\sysfiles\English.lg

Filesize
43KB

MD5
fcccdb05b62796ad70eec5b21069114a

SHA1
e9aeb1bb63ed3c23e15c033049a9a645f6e2f1fa

SHA256
e4e1e61c81fe036cd05c2ed1a362e1f20565cf6df29fd714b7ad145e1b5176ce

SHA512
a187ee14092dabe948944bd9c451364cb48a08bdff044756f1281d7fba3398a926bb5260b66422dad78d2557791d3187a8e9f76d11a8f5382886393adb987cc8

Download Submit
C:\Windows\SysWOW64\sysfiles\Russian.lg

Filesize
48KB

MD5
50716fb95abf80ff78451e8a33f16d3c

SHA1
25552c03bf9ab4eb475ba9880a25acd09d44c4f5

SHA256
c36482a3a77859c8c7856da7c1360cfb6b84112df08c50cb3ec176546fa3fa1c

SHA512
071c131826e1d76b79e1dfbf5f1934d4ad5c49cbd904b13e7b11706fc3dd16db281d8ca32f49d08a3640ce59caec2a74597534607701606a7dc52ddf424742e2

Download Submit
C:\Windows\SysWOW64\sysfiles\dsfVorbisDecoder.dll

Filesize
240KB

MD5
50bad879226bcbbf02d5cf2dcbcfbf61

SHA1
be262f40212bd5a227d19fdbbd4580c200c31e4b

SHA256
49295f414c5405a4f180b319cfed471871471776e4853baaf117a5185ec0d90d

SHA512
476df817a9c9e23423080afcac899b83fc8f532e4fe62bea2feeb988cba538f1f710e2fb61d81d6c283c428d772922c7a6ecb1684ac68ca8f267415105a60116

Download Submit
C:\Windows\SysWOW64\sysfiles\dsfVorbisEncoder.dll

Filesize
202KB

MD5
b4d4e5d1a9d53f57b31fd48f7573f2de

SHA1
e25ca80bfd207a60f08707268a5753c43969db25

SHA256
cebf4777d586b6a3a9d896353a73908d2d55dc0530b0c500df5a05cf121774f7

SHA512
03e38be3eb05c064e48af009966106939fa93af9594a18f0eb181ada7361bda59aafc3c1474a7707c69ab0c082cdc7f3dcab288934e8cd1f079cdc3ae395fc54

Download Submit
C:\Windows\SysWOW64\sysfiles\gdiplus.dll

Filesize
201KB

MD5
f466111c1411eb2d28957d51db7a789f

SHA1
4ee2981d38871bf4fb05d08fcc829734eb9f64b8

SHA256
82318f52cb70d11a9fd14093379a720d410066c14ceb80f127f2fcc38c8f0ec3

SHA512
0d4cb882f22542d6b3d13b03a4df71b9b8a02a6e87515149f267411990a55d26be2f1f43daef5f4830f014bbc0e63de8b8eaf123f67aacec34841418dde53ac3

Download Submit
C:\Windows\SysWOW64\sysfiles\hideprlib.dll

Filesize
42KB

MD5
235622896add089dd5576a9ae64799b2

SHA1
32fac8421682280c239c56fcdd888ccec80fd460

SHA256
8fd250334d351139ba20fd3ef848cbba1331e8e5e033d9c95d9faa91f2a8afa3

SHA512
c08239a531feec6a7f6116578dbee9862cdc45318e89e4d6db2052cb353d4a66f5f9163596cac1a18be16b30d3e90639ff65e026f782c39077edd85d1c3215d1

Download Submit
C:\Windows\SysWOW64\sysfiles\msvcp90.dll

Filesize
188KB

MD5
4e3f23f862ff3bde639d1a32c95317c6

SHA1
63c4013b46d95f3e1a42e4ed9f5dd497b7b8c0d3

SHA256
d8bab10fcef6d18c8d389f6902bbf65a7a875fc833cee22ceac1f55bed9f423d

SHA512
71d67b8e7f371b535ca38f309a6c61715d0690205d2f2bf3be36a9b6649970f9f7a33d2262c2003dac3001ec087e1964d0859b74ab0dff8a298433c83e05c90c

Download Submit
C:\Windows\SysWOW64\sysfiles\msvcr90.dll

Filesize
213KB

MD5
f34c61dc63d91683c98c145e831b6a4e

SHA1
11245b44e47a16afa57550289a257b1a03158ec5

SHA256
eabaf760af36651d78ef46f7592e8f9ce6c93f564c33d6d3b69aeda385524a96

SHA512
cb917c258b270f6fe4ed29154a5102e1857edb059869bf2ce76c24f1da2f1b56d94a91acb5577db1100bfc8be4ef5b04cbe53609c0c0cedde90c14076aa8228f

Download Submit
C:\Windows\SysWOW64\sysfiles\rfusclient.exe

Filesize
272KB

MD5
7343a3b84e6e1f82778ca942be553485

SHA1
9ef6d8c5eade594fae99eb32cbc1bd172ac6b51a

SHA256
d43065cb954f918968aaf4f276179ef14dea4a1cd536bff93b9cff555ac6d607

SHA512
01f30f80b20dc4d99e894be25de149da3d8417971e27cfb619d305d3dbee4d940f6ac4dcfdec430046200ae0b6379639a58427a7e69147ce141b95f5ef6f1101

Download Submit
C:\Windows\SysWOW64\sysfiles\rfusclient.exe

Filesize
20KB

MD5
8021b616b7b389f36d2734e742607323

SHA1
79440a7867a1f2d27cb80798830600b71b09109d

SHA256
3c9f1bacdc54b50e0287ffa74c09f07b758eee98e9ba4b67c166b3cb77ccf1e6

SHA512
273e78a113d0fa6bb7f14567925acadddc31994d07da5c87955a48263ba7c27431d68472ff4363ab08bacbe2a709bac1c4ad5ec9ff383001eaad049f8d3d2903

Download Submit
C:\Windows\SysWOW64\sysfiles\rfusclient.exe

Filesize
158KB

MD5
4caf1c1c3c5bf4a6ac3692b41bf3e81f

SHA1
c98c85add87cacf4daf49c36df14e55f24e91e56

SHA256
93cf4872bbc5cd2e4118694365c7318e7f29503d74210a3c35dd052068fa227b

SHA512
39e018acfbe57299a44a07771a2e2f18fd3cb70bf8b2e58c2b5c1beead6703b8311e56ac12a6688e52fc52577c25775e034349da353bdda4e0a98eb03e1e826e

Download Submit
C:\Windows\SysWOW64\sysfiles\rutserv.exe

Filesize
65KB

MD5
afe1f76b1b627edb69a730c5f736d0a0

SHA1
c1d1142eccd9c0a3f00ee197720d4951826f4ddd

SHA256
74e12dd24513d73fbdec9768959f9bb7af98ac22aad482356eb60e89c48c86a2

SHA512
9c8fc6353f65dd7cb68919027782ff54c839666ea9f873b85cd441a2b4eaf99bdc4bb1017f347e2c5457a252f710dab40b79535b820a53512887cb5794b041ba

Download Submit
C:\Windows\SysWOW64\sysfiles\rutserv.exe

Filesize
49KB

MD5
93df13e36352961f42e830eeb812cd4d

SHA1
13cad1ca6ea028f0d0d47be75655849721b3e1e8

SHA256
1e92510f2c28ab396d25ecf67ab323f6b4c49515a6986adc4e8cd605b864ffdd

SHA512
723c6f8a1fee98f7e696a2b2e89ccc2852c58eea28148b05c8b87a66998fa8ebe9cc8df1aa9bf54822418ce8c46591f36fda9d5201eabf99c83778a114dec1f9

Download Submit
C:\Windows\SysWOW64\sysfiles\rutserv.exe

Filesize
30KB

MD5
64dab84df8abe8153654710f1faf9328

SHA1
42ee63779a90f839bd515e295a9eee3a8a18e1be

SHA256
2d4f31aac8f0d7dbf94910aa2e83a57adf44a7031fd8f2a6e13025f9c33de0ee

SHA512
b4a7a7d1400707f8ebb6a4eef49d375bd541e20164840b9797bf1397aa7aa47709aabc85b3dd0495498ad6716c71f1d5f0220d73d5628ff1f821c6f2bbc4f155

Download Submit
C:\Windows\SysWOW64\sysfiles\rutserv.exe

Filesize
10KB

MD5
75be929f7b9e6310c52ca979d21a3f0a

SHA1
108f1b225d142a06d692f373441d38c2a3d52955

SHA256
c57b1fc713ba465a94b72f218cc0fe7cc5b0f718355fb866bd5deb90f5a88eb4

SHA512
92d9c9a3a7c81300216b577a2187bd83c076727616bcac5bef1e5ed7b54cdb21b0db3538eda690e2fc2b9e0d6bbe6c86a0a6c307d64283b904e09748fb3389b4

Download Submit
C:\Windows\SysWOW64\sysfiles\rutserv.exe

Filesize
18KB

MD5
da10623d2d202e0d2fa5e6c1fce58d37

SHA1
03a81cbdd1e9401030d30089f3fbe8a17990de9d

SHA256
c9642a2298ad2ae6c98d9cbc831b22c24546ccfa3948a4a75fff75787d9bf2d0

SHA512
f0aa45ed57a7be2a02f0e1b01780e16465b71a83d4dd4192b368d0f7503e2404b8d1c31ca76604fd42d66cb43bb4f9995f11abd2d1b0afd4007d9f4c9136f292

Download Submit
C:\Windows\SysWOW64\sysfiles\vp8decoder.dll

Filesize
200KB

MD5
5ef62fca56d415f0b67d05f5e83b9eeb

SHA1
5115f287f8dd7ea4e262af664b586250fdf4a7b2

SHA256
341ace6966d285ba2361fd6f06dfd5874a2f206c1216fb7487b54547bc5f170b

SHA512
a4e46c591a96fa6f0cd830612ec988d0c10fa18bff2164bc9f308df3ea612e4f5b6cc28ae4251290a126e6748975a74e2563918f6e4b2aa99d7b0eb1fc68ef9b

Download Submit
C:\Windows\SysWOW64\sysfiles\vp8encoder.dll

Filesize
272KB

MD5
fd96b23e139a88db896e97249ea806bf

SHA1
90a4a2b34cead2d854714a682203440a5364c797

SHA256
1a959f44718e5d6ebd49d119ce44b5e6524d18693cb0aaa4427f72726ca79360

SHA512
72d8977dcbe60e3eaf7b95287e558027b5c84eaf611adfaecf474a91fbed1beab108d8bfe81c6d0d57144ebe23da5e95b5894a08f47dd70e47449808dc01addb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads