dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737

Analysis

max time kernel
5s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2022, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe
Size

617KB
MD5

98e39cec15d104c6fa3bdaf037447220
SHA1

a0ab2853282c0982a039168e5eaadcdb216843fb
SHA256

dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737
SHA512

b87c163b337e0abc5cca3f708148f70cc520ec50da6ea7345a01508a385cea020716db4e2a0b908436c78d12a87d6831714a280897c3e59a592c64ff6868f49e
SSDEEP

12288:EmkOys4sd4UDrhIkEx8FxRM7tJc5aGvZFo+rluZ1V82eYJdVwEH9I:EfOyDcFNhjuBa5l/o+rIBkYJdVwz

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2036	is-UCSMK.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2036	2228	dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe	75
PID 2228 wrote to memory of 2036	2228	dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe	75
PID 2228 wrote to memory of 2036	2228	dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe	75

C:\Users\Admin\AppData\Local\Temp\dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe
"C:\Users\Admin\AppData\Local\Temp\dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\is-E7HHJ.tmp\is-UCSMK.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-E7HHJ.tmp\is-UCSMK.tmp" /SL4 $F0062 "C:\Users\Admin\AppData\Local\Temp\dfd7a0b6e637f31962a065238ab1618d89d79725a3a56e50e77273ea73127737.exe" 392076 64000
  2⤵
  - Executes dropped EXE
  PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-E7HHJ.tmp\is-UCSMK.tmp

Filesize
658KB

MD5
3782ef6526f6e0a9b0185afda777ebb6

SHA1
66f9bd1c553adcea6467435361e42c3c728bd8e7

SHA256
34bf7c67de39e087a3826602f21e8a43710d502403428f32cb69dca638126158

SHA512
e77d5bc601380377a079d9c76dfdf8c0eaaa66882d57e98a6ffd029681594a5fdd51d3e9e83b0b854801c15b23deb596ef2ef465a6bce489d99e508ec6e41507

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E7HHJ.tmp\is-UCSMK.tmp

Filesize
658KB

MD5
3782ef6526f6e0a9b0185afda777ebb6

SHA1
66f9bd1c553adcea6467435361e42c3c728bd8e7

SHA256
34bf7c67de39e087a3826602f21e8a43710d502403428f32cb69dca638126158

SHA512
e77d5bc601380377a079d9c76dfdf8c0eaaa66882d57e98a6ffd029681594a5fdd51d3e9e83b0b854801c15b23deb596ef2ef465a6bce489d99e508ec6e41507

Download Submit
memory/2228-132-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2228-137-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download