440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e

Analysis

max time kernel
56s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02-11-2022 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe
Size

1.8MB
MD5

cb540ab7fafb0e911737d5d7305195bc
SHA1

68cf47e781df047b1971027f03e4c2b523710bb5
SHA256

440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e
SHA512

3b92ae050460e74223cffe86efacfa5f9861e91cc4ed1c57997518c169218ae5285ea3e7e73a5ab7360702a1ed484b6497c802653880721ce05d51e405f655a3
SSDEEP

49152:gJ4N6xn/zlMI+lrA2F7UhAEcEqNKokq/7O6e:gJ4o1rlMXrRUaEcEqMize

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1488	msiexec.exe
1488	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 1488	4324	440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe	66
PID 4324 wrote to memory of 1488	4324	440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe	66
PID 4324 wrote to memory of 1488	4324	440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe	66

C:\Users\Admin\AppData\Local\Temp\440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe
"C:\Users\Admin\AppData\Local\Temp\440ae0e3f8759a6586d25e1e966ccf19f8a8987df1a271de702324ce5cf2e37e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" -Y .\fTUE2H.F
  2⤵
  - Loads dropped DLL
  PID:1488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fTUE2H.F

Filesize
2.0MB

MD5
349e69d6debfbe7217aa3e2eff41d0c8

SHA1
66f9188dc9e1aefe667a6bc849c19b3440acedf1

SHA256
95d448274bb6b534ce8c663626599948d226d815cc19ce1a1bc04f4283948e9d

SHA512
aaeb500e51bba56687a74743112c7e235625b43d5b4995ed3e68435ceaceddb55032b89c9ccd3c01a4213fc5cb8e85f9ff820ae6c44c5d315aba78a9e08c275e

Download Submit
\Users\Admin\AppData\Local\Temp\fTuE2h.f

Filesize
2.0MB

MD5
349e69d6debfbe7217aa3e2eff41d0c8

SHA1
66f9188dc9e1aefe667a6bc849c19b3440acedf1

SHA256
95d448274bb6b534ce8c663626599948d226d815cc19ce1a1bc04f4283948e9d

SHA512
aaeb500e51bba56687a74743112c7e235625b43d5b4995ed3e68435ceaceddb55032b89c9ccd3c01a4213fc5cb8e85f9ff820ae6c44c5d315aba78a9e08c275e

Download Submit
\Users\Admin\AppData\Local\Temp\fTuE2h.f

Filesize
2.0MB

MD5
349e69d6debfbe7217aa3e2eff41d0c8

SHA1
66f9188dc9e1aefe667a6bc849c19b3440acedf1

SHA256
95d448274bb6b534ce8c663626599948d226d815cc19ce1a1bc04f4283948e9d

SHA512
aaeb500e51bba56687a74743112c7e235625b43d5b4995ed3e68435ceaceddb55032b89c9ccd3c01a4213fc5cb8e85f9ff820ae6c44c5d315aba78a9e08c275e

Download Submit
memory/1488-236-0x0000000004900000-0x0000000004A21000-memory.dmp

Filesize
1.1MB

Download
memory/1488-244-0x0000000004B50000-0x0000000004C72000-memory.dmp

Filesize
1.1MB

Download
memory/1488-237-0x0000000004B50000-0x0000000004C72000-memory.dmp

Filesize
1.1MB

Download
memory/4324-149-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-179-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-123-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-124-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-126-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-127-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-128-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-129-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-130-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-131-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-154-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-133-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-134-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-135-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-136-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-137-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-138-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-140-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-139-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-141-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-142-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-143-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-144-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-145-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-146-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-148-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-147-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-120-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-150-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-152-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-181-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-121-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-132-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-155-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-156-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-157-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-158-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-159-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-160-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-161-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-162-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-163-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-164-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-165-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-166-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-167-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-169-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-170-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-171-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-172-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-168-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-173-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-174-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-175-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-176-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-177-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-178-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-119-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-118-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-153-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-180-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-151-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-182-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download
memory/4324-183-0x00000000776D0000-0x000000007785E000-memory.dmp

Filesize
1.6MB

Download