b1cce1737dadecb7fbe54b11b46da4d5f5e6ec4fbdebe0f29e60187e1b01de9d

Analysis

max time kernel
39s
max time network
67s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1cce1737dadecb7fbe54b11b46da4d5f5e6ec4fbdebe0f29e60187e1b01de9d.exe
Size

2.6MB
MD5

6468e29df9de82cf43cbb3dc35d303cb
SHA1

c355e0bc8c3fa08467ed6940c9adcb6bebef2518
SHA256

b1cce1737dadecb7fbe54b11b46da4d5f5e6ec4fbdebe0f29e60187e1b01de9d
SHA512

9ee17ed4399358ba42b8b391600a6a8a52086eb0230c16443678c2881a8539f9d40b73421e9605fae3b65d00ab574fefe29ab5fd779ce56137a7f0f1bc418207
SSDEEP

49152:D8MMHHBQlZE7MArHoyDRkQb8CuMeSGO7xLLNPpJ6Qmub1F1ZblhwLRA+asFO6asG:D8MMHHBQFQHph4CutpOlLhBcQDbNZbl3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b1cce1737dadecb7fbe54b11b46da4d5f5e6ec4fbdebe0f29e60187e1b01de9d.exe
"C:\Users\Admin\AppData\Local\Temp\b1cce1737dadecb7fbe54b11b46da4d5f5e6ec4fbdebe0f29e60187e1b01de9d.exe"
1⤵
PID:1320
- C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe
  "C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe" --GoAn --Supp 577 --Mode CheckInstall --Cid 8C23B596-8020-2441-9031-1AAC41839D7F
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe
  "C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe" --InstSupp --Supp 577 --Ver 155
  2⤵
  PID:1012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\MSVCP110.dll

Filesize
82KB

MD5
682df90e03c3fa68da14613495cb1ba2

SHA1
5e632328e5c9cb73034ade3d3d83547b1cbcd611

SHA256
4450818c63943a90fe297fc058acb68a776404fa91cbcbd04f15930040fea66c

SHA512
9939ebc4e8c35921383690880517301f984cd315ddf4f77129b637e158af771290c92522c607468b4d502f241784eaf3be2a3d4c819de9ed3e37e543efc6ff73

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\MSVCR110.dll

Filesize
89KB

MD5
1c6541dbc581b61840397653567ffab6

SHA1
ed003fc6a476e75c7934e7dbc084165222e1a41c

SHA256
45124456476ea65142c756f1cf10b4b908c31503ce4d3b28455ffc21687f0753

SHA512
3e4b37ea0ef2a46632e5fd678c8fd671e46b768d390691f28ff184b7de6e40397560b18831e831780184c3550fc0f468f992bf2d9f16aa162dee245fa9ba7f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\CmlProc.dll

Filesize
84KB

MD5
beccdd9df8ec434c9e6eb78fa054363a

SHA1
f690c5eab1c1c39f84b19f3525114a2b3937cedb

SHA256
6f461ce8c1e47844ed11ec53e08d760fa9340a32b04af207a3976cc7f9dd6cef

SHA512
3a6586743f4129c641cb82886225179d218545aebf82546d07f791dbbe270ddb969040fd9a55ad5485678d881e3a3343be27a84ba412d401864edcc581c60f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\InSes.dll

Filesize
37KB

MD5
7ad47a04c4bf17d6fec2cb25d6c3d58e

SHA1
3e89bb832ad06cf28b64dce60e657edfcc1cc387

SHA256
6837d7c7050bc16a35824de09c345b70365a5e7f3dff61ef496ddc03d889b39e

SHA512
1ff31b057a940e226e0791844db37d5cb00453814665f5110699987417163e8fc739573be9d8507d38a7c6d6bb1b46838466d7dcd064c8300dae07c212bdb3c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\ManXec.dll

Filesize
26KB

MD5
c808f8997bd4cffc3ecd228cc20e7496

SHA1
d2e7973635dd35109d30a58c93e65957ddbb6c03

SHA256
81aa29170abe7782b9dc4ca04e00cf568f4b71c3a7708698ce1ad3ffd7147b6a

SHA512
40f2979ec0a45b376431cbded73314a64eaea292b434644b352ae2852a1ec81bf11fe6bc2dbcc412178820e9e216ca09380536cf2b9359063e6afb190f6619d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe

Filesize
15KB

MD5
0cad9f6980aa5b3e5d3d108f807c8f6f

SHA1
5f191ac7b27ccce9d6f64d3dec113fea318130d9

SHA256
4df2388a1d74dd8ecbe25cabef131f85445329f58670522bdd0269daf770405c

SHA512
dcec93c53d66383fe0a9c8c203501076aa0cfd5e4a769038d0990c0af761fcd22c57558bfd187d5755841e7fc52327e855b23fd30e7ddd750ae7dbc810a09f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe

Filesize
96KB

MD5
df6d441e6b6d65606d50c2af499a9399

SHA1
b21ef44dc2e057f5e2b25c5b38c165537bdd6a47

SHA256
daf9410cf3ff822bff10df56cf5aea30ac4b7461601b2128473326df3ea86f0b

SHA512
66ab59814fca9d85d1cba735b6c1959d142aa6740ca1167913a3c9667f11f0050a071db2261e50ef0f9a55adb34cc12b9debaf315e41f12d14db3b4f1073e9ef

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\CmlProc.dll

Filesize
84KB

MD5
beccdd9df8ec434c9e6eb78fa054363a

SHA1
f690c5eab1c1c39f84b19f3525114a2b3937cedb

SHA256
6f461ce8c1e47844ed11ec53e08d760fa9340a32b04af207a3976cc7f9dd6cef

SHA512
3a6586743f4129c641cb82886225179d218545aebf82546d07f791dbbe270ddb969040fd9a55ad5485678d881e3a3343be27a84ba412d401864edcc581c60f4d

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\CmlProc.dll

Filesize
84KB

MD5
beccdd9df8ec434c9e6eb78fa054363a

SHA1
f690c5eab1c1c39f84b19f3525114a2b3937cedb

SHA256
6f461ce8c1e47844ed11ec53e08d760fa9340a32b04af207a3976cc7f9dd6cef

SHA512
3a6586743f4129c641cb82886225179d218545aebf82546d07f791dbbe270ddb969040fd9a55ad5485678d881e3a3343be27a84ba412d401864edcc581c60f4d

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\InSes.dll

Filesize
37KB

MD5
7ad47a04c4bf17d6fec2cb25d6c3d58e

SHA1
3e89bb832ad06cf28b64dce60e657edfcc1cc387

SHA256
6837d7c7050bc16a35824de09c345b70365a5e7f3dff61ef496ddc03d889b39e

SHA512
1ff31b057a940e226e0791844db37d5cb00453814665f5110699987417163e8fc739573be9d8507d38a7c6d6bb1b46838466d7dcd064c8300dae07c212bdb3c1

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\InSes.dll

Filesize
37KB

MD5
7ad47a04c4bf17d6fec2cb25d6c3d58e

SHA1
3e89bb832ad06cf28b64dce60e657edfcc1cc387

SHA256
6837d7c7050bc16a35824de09c345b70365a5e7f3dff61ef496ddc03d889b39e

SHA512
1ff31b057a940e226e0791844db37d5cb00453814665f5110699987417163e8fc739573be9d8507d38a7c6d6bb1b46838466d7dcd064c8300dae07c212bdb3c1

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\ManXec.dll

Filesize
18KB

MD5
6b8b9ea1bf865886ed83dec0e5619e6e

SHA1
f7766f714a045810580c503842c68d3b7913be2c

SHA256
87388b2b27b2ba237a3a7396e78c55ba4d5a5a9e8c3e24851d10584f87106a79

SHA512
3a9b95e6ace14ebbffef3c8ec9c3d04f46b74bb88c850d35ced50470ad65bde6fe13b650886fbe9f2f88d3866d6a8ee0190b5d121c16e5e48b155b8ef466c1e8

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\Modules\ManXec.dll

Filesize
92KB

MD5
58d7d5107fb0d71f96d458856bb74bd2

SHA1
42151dfb2446a586b54e22c661bf921bc955078f

SHA256
5adb28f0382d97628f2480d56e10734fa62257586a3a2e10e8925268f8734d22

SHA512
9816c70920a01ac42bfa93d1e2e29da97773aeafc40618c61b195c15cfc23c5b1ae2bbfccceb5b7882cc31662470906889bab18367717c1c4ea2c352cde3db08

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe

Filesize
23KB

MD5
9801b22ee8687cd8ccaccac270409fa4

SHA1
5f61e287c292bbff7f71046dcc06008443e57243

SHA256
355b17e39197f432ec5500ac68d5a14eece00091d72377e85c55e849fae922b2

SHA512
31fc0811f391b8f7d9f0944ee061a06d09935a90b24bc80a523c37518c8db4e549685f08b400029526c585d66099209d7a74d7efbc7d2a995ce99c5d2dcc6342

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\RtHelp.exe

Filesize
90KB

MD5
6836cc8f730ad58f4953b586387da509

SHA1
fbe505cd53279499482f88276dfa57925ab1e808

SHA256
587de157d3f86076804acaaa50b6ef0b1a4b80d1d233794d2c11e37790cd8d5e

SHA512
81cf32bb7dbfe5f8ca8c8d27c8c62697e8d37a5dc351867450a22611a3ef643655e9ec813452a9368a34466f615a585c43d9c14f679d2b6c8589aed9d2fc06eb

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\msvcp110.dll

Filesize
100KB

MD5
c8e6e30e50e9d2baa688d32bb64f6dca

SHA1
fd5c811a64a274c9ba0ef12c2f9e2b9773128336

SHA256
e48a257a5ddf075354d2f16ae108d970913a2dff0780cc231b3228937fc33243

SHA512
71523ac6ab87a863460f334ca537282cb2f77412d208bcd41b01632935e5a9f6fd22b718d729c9bfad2ecec2665cd57544f349671a4cfb3e62c84d04b01f59a8

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\msvcp110.dll

Filesize
80KB

MD5
61dbff09ab4a8f322745cf7b83511bfd

SHA1
db818b73f079649ec76c2b92d939516e212f455c

SHA256
24791dd923f6b52a995486c3b455364cd9d54efd29185228bfafc53d01cf51af

SHA512
449904778603f2dd5fda798076d315aec88c278615b54051e8b47f0245d8f62bbdd81959c3926c04802ee98739b991bbe30424d1dabe6db6356b681b3e50ec53

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\msvcr110.dll

Filesize
75KB

MD5
c2f330cda9173795c390430dcf580bd3

SHA1
05010e2df4dac6e6b692ff77add65be7ff76faf6

SHA256
3736368c21ccc0827cb214853aa223a4670332029a60e2fcf53b567f2e200da8

SHA512
5280d66937fbfdb09dbde507914249ee9b742af4ca98dbbdaa0e677f2dd7ee1e9a3a6a32e0b2b425d862f90063f4008d46336abc7b43795e00446d05d38db4be

Download Submit
\Users\Admin\AppData\Local\Temp\94DD7CB6-9F8A-D141-82AC-BC9DEAB8E75F\msvcr110.dll

Filesize
70KB

MD5
8c75a0394de48967ad070cbdbd4d7784

SHA1
669aa0f3508d4cf1277b9dbfd9992400051a1eb7

SHA256
a94b9b15a46daf8838b23b4997265995e41ee944d21ffb469e1d3fa11e3f6980

SHA512
0ba2a4e0a83feaae13c6fb3dd86201740f124767d9b6da1094259c40fbf49267f5c504d6528b2b294c026a97a176e4552ed4770592e025639d216f1d5e6ef2ab

Download Submit
\Users\Admin\AppData\Local\Temp\nseDBC1.tmp\System.dll

Filesize
11KB

MD5
096175126901d6fba8ebae4cf790bf1b

SHA1
732f671236e4fc3c9ac8697218ded618ed822a5a

SHA256
0e996627da441cba19205921f65906a331b21e21cf397f001c56a3707169cb7a

SHA512
bce1d99f7993f29fc557cd6868049b6a7998afe153789c7837e0fe67657fe59c43adf0cbf1ff701a49eb6b946ddae874d9034ae39ea5827e1390556378448fd2

Download Submit
\Users\Admin\AppData\Local\Temp\nseDBC1.tmp\System.dll

Filesize
7KB

MD5
eef16188c79c0afb3dba97a5fe11bb6e

SHA1
3eda802712cd408b94fa5984c4c3186ec21254b5

SHA256
41269224cb1454bfbaffcac964f6192fe09748d1ca8fbab098ccf77422aef667

SHA512
af830896dac1fe88b24acb91bc3f15961fd4004070f529b1a0de65d5d007462c79d4346d5bc97a74553953946c3ec0076de178502d099cb277a9a337c8db5629

Download Submit
memory/1320-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads