12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

Analysis

max time kernel
55s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 12:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
Size

503KB
MD5

e4efe4a433072d40380bb9125f5385e4
SHA1

92682c7ea97c282d897aff8efa90b8ba55061a82
SHA256

12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48
SHA512

3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5
SSDEEP

12288:OKC/bDMqTZfpEujkyXJa5yun+/0GtKdp+W1:RSDMqpdXzun+cKmEW

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1776	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Loads dropped DLL 4 IoCs

pid	Process
1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1776	1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe	27
PID 1468 wrote to memory of 1776	1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe	27
PID 1468 wrote to memory of 1776	1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe	27
PID 1468 wrote to memory of 1776	1468	12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe	27

C:\Users\Admin\AppData\Local\Temp\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
"C:\Users\Admin\AppData\Local\Temp\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe
  "C:\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe" admin
  2⤵
  - Executes dropped EXE
  PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Filesize
503KB

MD5
e4efe4a433072d40380bb9125f5385e4

SHA1
92682c7ea97c282d897aff8efa90b8ba55061a82

SHA256
12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

SHA512
3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5

Download Submit
\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Filesize
503KB

MD5
e4efe4a433072d40380bb9125f5385e4

SHA1
92682c7ea97c282d897aff8efa90b8ba55061a82

SHA256
12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

SHA512
3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5

Download Submit
\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Filesize
503KB

MD5
e4efe4a433072d40380bb9125f5385e4

SHA1
92682c7ea97c282d897aff8efa90b8ba55061a82

SHA256
12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

SHA512
3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5

Download Submit
\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Filesize
503KB

MD5
e4efe4a433072d40380bb9125f5385e4

SHA1
92682c7ea97c282d897aff8efa90b8ba55061a82

SHA256
12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

SHA512
3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5

Download Submit
\Users\Admin\AppData\Local\Installer\12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48.exe

Filesize
503KB

MD5
e4efe4a433072d40380bb9125f5385e4

SHA1
92682c7ea97c282d897aff8efa90b8ba55061a82

SHA256
12fb20069a2db2580c5d4e7eed997d99ef19e6089bce1d0b7b1a7d7714174b48

SHA512
3ca60dffd2ccb419190441da25c9f2dd38d58d843d778b10d79e5fcc64c052181b13f1762b74313b48a15cddc37275c5086e095fa98b3356582726a78906a7e5

Download Submit
memory/1468-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download