76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c

Analysis

max time kernel
54s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02/11/2022, 19:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe
Size

2.1MB
MD5

2eaf293a7890ed62be1fe892de89a7b8
SHA1

b4ee6e3c96b891838689f128783efaa4ee84c9f3
SHA256

76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c
SHA512

a23b6a04974b0d5c16b6e644e628130061947518f2d036e0a88dbb46e88ccb6382a361ccea72c8747e23c48f945119bbc25f423525e993e8cced24881a145211
SSDEEP

49152:C3d3VuNANPtP86CKq142o3MJJjs6LuXt886ahLn:CtVWArk6CU2ocJJjC+86On

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4904	rundll32.exe
4904	rundll32.exe
1888	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 5088	2404	76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe	66
PID 2404 wrote to memory of 5088	2404	76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe	66
PID 2404 wrote to memory of 5088	2404	76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe	66
PID 5088 wrote to memory of 4904	5088	control.exe	68
PID 5088 wrote to memory of 4904	5088	control.exe	68
PID 5088 wrote to memory of 4904	5088	control.exe	68
PID 4904 wrote to memory of 3952	4904	rundll32.exe	69
PID 4904 wrote to memory of 3952	4904	rundll32.exe	69
PID 3952 wrote to memory of 1888	3952	RunDll32.exe	70
PID 3952 wrote to memory of 1888	3952	RunDll32.exe	70
PID 3952 wrote to memory of 1888	3952	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe
"C:\Users\Admin\AppData\Local\Temp\76a697c87b4940770bc742ca0f90b7018322a12593db77d5142359a22a35768c.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\sxhVP.CpL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\sxhVP.CpL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4904
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\sxhVP.CpL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3952
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\sxhVP.CpL",
        5⤵
        Loads dropped DLL
        
        PID:1888

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sxhVP.CpL

Filesize
2.0MB

MD5
d19ce8c05e4de2da241ce2d6c897f2bd

SHA1
02679a3d2b4e5b77924da8284312a9f3f3fd5123

SHA256
6a38b26a0957606a4b3954b04fce48a8976a129a445d7e5d36d0adcc2192ff9d

SHA512
e4027266d19ca49a5eee4c46afb45961dfc7bf2355c6272a7ce678c68a4bcddacf83d281297d63ff270f8a1614e323591104bd246213b7120dbfde07e62e88bb

Download Submit
\Users\Admin\AppData\Local\Temp\sxhvP.cpl

Filesize
2.0MB

MD5
d19ce8c05e4de2da241ce2d6c897f2bd

SHA1
02679a3d2b4e5b77924da8284312a9f3f3fd5123

SHA256
6a38b26a0957606a4b3954b04fce48a8976a129a445d7e5d36d0adcc2192ff9d

SHA512
e4027266d19ca49a5eee4c46afb45961dfc7bf2355c6272a7ce678c68a4bcddacf83d281297d63ff270f8a1614e323591104bd246213b7120dbfde07e62e88bb

Download Submit
\Users\Admin\AppData\Local\Temp\sxhvP.cpl

Filesize
2.0MB

MD5
d19ce8c05e4de2da241ce2d6c897f2bd

SHA1
02679a3d2b4e5b77924da8284312a9f3f3fd5123

SHA256
6a38b26a0957606a4b3954b04fce48a8976a129a445d7e5d36d0adcc2192ff9d

SHA512
e4027266d19ca49a5eee4c46afb45961dfc7bf2355c6272a7ce678c68a4bcddacf83d281297d63ff270f8a1614e323591104bd246213b7120dbfde07e62e88bb

Download Submit
\Users\Admin\AppData\Local\Temp\sxhvP.cpl

Filesize
2.0MB

MD5
d19ce8c05e4de2da241ce2d6c897f2bd

SHA1
02679a3d2b4e5b77924da8284312a9f3f3fd5123

SHA256
6a38b26a0957606a4b3954b04fce48a8976a129a445d7e5d36d0adcc2192ff9d

SHA512
e4027266d19ca49a5eee4c46afb45961dfc7bf2355c6272a7ce678c68a4bcddacf83d281297d63ff270f8a1614e323591104bd246213b7120dbfde07e62e88bb

Download Submit
memory/1888-347-0x00000000053D0000-0x00000000054F8000-memory.dmp

Filesize
1.2MB

Download
memory/1888-338-0x00000000053D0000-0x00000000054F8000-memory.dmp

Filesize
1.2MB

Download
memory/1888-337-0x0000000005170000-0x0000000005298000-memory.dmp

Filesize
1.2MB

Download
memory/2404-153-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-163-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-125-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-126-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-127-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-128-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-157-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-131-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-130-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-159-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-134-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-133-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-135-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-136-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-137-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-138-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-139-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-140-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-141-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-142-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-143-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-144-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-145-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-146-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-147-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-149-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-148-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-150-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-151-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-152-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-121-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-154-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-155-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-156-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-129-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-124-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-132-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-160-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-161-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-162-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-158-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-164-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-165-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-166-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-167-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-168-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-169-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-170-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-171-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-172-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-173-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-174-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-175-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-176-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-177-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-178-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-179-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-180-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-181-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-116-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-117-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-118-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-122-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/2404-119-0x0000000076EF0000-0x000000007707E000-memory.dmp

Filesize
1.6MB

Download
memory/4904-279-0x0000000004C80000-0x0000000004DA8000-memory.dmp

Filesize
1.2MB

Download
memory/4904-278-0x0000000004A20000-0x0000000004B48000-memory.dmp

Filesize
1.2MB

Download
memory/4904-348-0x0000000004C80000-0x0000000004DA8000-memory.dmp

Filesize
1.2MB

Download