ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd

Analysis

max time kernel
80s
max time network
82s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03-11-2022 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe
Size

1.8MB
MD5

b86168f835ab281fa0273f43d35de2aa
SHA1

fcadf380657bc0aaff8c520f0556ff23ca3bf0a8
SHA256

ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd
SHA512

b824cebc0bdacfde2f937c284f4f2b6f46daa30f59fb7ae75bd0905101601dfe8f8fe03a9cce07d892fa44d76ca57b9bbf02fb65cf5d482fc0d564efa231005e
SSDEEP

49152:m7qa0t4JQOkC7vHhGdY+ynkh2ICObq3BtwxpTSFA:m7V0D1Cht+ykh2ICaqQpS+

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3428	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3428	2064	ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe	66
PID 2064 wrote to memory of 3428	2064	ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe	66
PID 2064 wrote to memory of 3428	2064	ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe	66

C:\Users\Admin\AppData\Local\Temp\ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe
"C:\Users\Admin\AppData\Local\Temp\ace82532ae490a229f124d32b41f418d7a16ed7ffff4953ed65d1a4ec0290bfd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /Y .\PZIP_fVG.QJf
  2⤵
  - Loads dropped DLL
  PID:3428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PZIP_fVG.QJf

Filesize
1.6MB

MD5
2c6f875bc5c9f8d7c519230e636cc5f2

SHA1
8b7f10e79d06f27c4f01b9c7ebfcf6121a114a1d

SHA256
7887380093d3db439e9819476c89e73396272e141eaee8e03fd905fc7ebf5a53

SHA512
d4f60746171717d10ab4ac9a84b69aece860fd361b9772f1aba46392761b8af99d89ef23707e899dd797dc57d0f4f876aabce22ad7147dcd58683533b730d32f

Download Submit
\Users\Admin\AppData\Local\Temp\PZip_fvg.QJf

Filesize
1.6MB

MD5
2c6f875bc5c9f8d7c519230e636cc5f2

SHA1
8b7f10e79d06f27c4f01b9c7ebfcf6121a114a1d

SHA256
7887380093d3db439e9819476c89e73396272e141eaee8e03fd905fc7ebf5a53

SHA512
d4f60746171717d10ab4ac9a84b69aece860fd361b9772f1aba46392761b8af99d89ef23707e899dd797dc57d0f4f876aabce22ad7147dcd58683533b730d32f

Download Submit
memory/2064-120-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-121-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-122-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-123-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-124-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-125-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-126-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-127-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-128-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-130-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-129-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-132-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-131-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-133-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-134-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-135-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-136-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-137-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-138-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-139-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-140-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-141-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-142-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-143-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-144-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-145-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-146-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-147-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-148-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-149-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-150-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-151-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-152-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-153-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-154-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-155-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-156-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-157-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-158-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-159-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-160-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-161-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-162-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-163-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-164-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-165-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-166-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-167-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-168-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-169-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-170-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-171-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-172-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-173-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-174-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-175-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-176-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-177-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-178-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-179-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-180-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-181-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2064-182-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/3428-184-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/3428-233-0x0000000004F00000-0x000000000500C000-memory.dmp

Filesize
1.0MB

Download
memory/3428-234-0x0000000005120000-0x000000000522C000-memory.dmp

Filesize
1.0MB

Download
memory/3428-241-0x0000000005120000-0x000000000522C000-memory.dmp

Filesize
1.0MB

Download