0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec

Analysis

max time kernel
63s
max time network
67s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
06/11/2022, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe
Size

1.5MB
MD5

ba1f18b2fea90cbe9741105fa0ab67c4
SHA1

b092d96c5d3c829a9da0bf5cd744c3f769f0ae2b
SHA256

0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec
SHA512

e018a686bc95f93256b6cccc6d1e21a0c8d4ad499ebe6f9867a12f5bb0dc6a7cb8d9a3619a8cafb6b9506c6c04b6969eed4e521ff00e13e1caee592cde5f268f
SSDEEP

24576:gJr8tE+gHq7IbLmhjDjeQBsa9GPhUNn+39Dq+f9/ImnOzJByq7LO2AwcY:gJ4NMn6iQJ9+Kn+tDzf9/dOlBB7LanY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4892	rundll32.exe
1844	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3308	4796	0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe	66
PID 4796 wrote to memory of 3308	4796	0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe	66
PID 4796 wrote to memory of 3308	4796	0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe	66
PID 3308 wrote to memory of 4892	3308	control.exe	68
PID 3308 wrote to memory of 4892	3308	control.exe	68
PID 3308 wrote to memory of 4892	3308	control.exe	68
PID 4892 wrote to memory of 3192	4892	rundll32.exe	69
PID 4892 wrote to memory of 3192	4892	rundll32.exe	69
PID 3192 wrote to memory of 1844	3192	RunDll32.exe	70
PID 3192 wrote to memory of 1844	3192	RunDll32.exe	70
PID 3192 wrote to memory of 1844	3192	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe
"C:\Users\Admin\AppData\Local\Temp\0ff9d245ed581b8695b6b0ccc745424548579ed33c260c49efeab73456ad10ec.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\B4SN_H.cPL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\B4SN_H.cPL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4892
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\B4SN_H.cPL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3192
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\B4SN_H.cPL",
        5⤵
        Loads dropped DLL
        
        PID:1844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\B4SN_H.cPL

Filesize
1.4MB

MD5
540517572d8a677daca34f31c1ed96d5

SHA1
3a9c274b8c23d885d407f0fd08373e757868a79c

SHA256
6617bed4f44f01a88b3098261b29bcf946717409611831e64b90381ef30a6526

SHA512
5a304ec158f177eb5c82c4aaf5fe8d79d5d4e4fb80b018e2598f6cea092c9ea5f9f1046065f20288cca25fa554391bee08c5e933e3a9fccad76a2910e313fcd0

Download Submit
\Users\Admin\AppData\Local\Temp\b4SN_H.cpl

Filesize
1.4MB

MD5
540517572d8a677daca34f31c1ed96d5

SHA1
3a9c274b8c23d885d407f0fd08373e757868a79c

SHA256
6617bed4f44f01a88b3098261b29bcf946717409611831e64b90381ef30a6526

SHA512
5a304ec158f177eb5c82c4aaf5fe8d79d5d4e4fb80b018e2598f6cea092c9ea5f9f1046065f20288cca25fa554391bee08c5e933e3a9fccad76a2910e313fcd0

Download Submit
\Users\Admin\AppData\Local\Temp\b4SN_H.cpl

Filesize
1.4MB

MD5
540517572d8a677daca34f31c1ed96d5

SHA1
3a9c274b8c23d885d407f0fd08373e757868a79c

SHA256
6617bed4f44f01a88b3098261b29bcf946717409611831e64b90381ef30a6526

SHA512
5a304ec158f177eb5c82c4aaf5fe8d79d5d4e4fb80b018e2598f6cea092c9ea5f9f1046065f20288cca25fa554391bee08c5e933e3a9fccad76a2910e313fcd0

Download Submit
memory/1844-345-0x0000000005250000-0x000000000534B000-memory.dmp

Filesize
1004KB

Download
memory/1844-337-0x0000000005250000-0x000000000534B000-memory.dmp

Filesize
1004KB

Download
memory/1844-336-0x0000000005050000-0x000000000514E000-memory.dmp

Filesize
1016KB

Download
memory/4796-155-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-159-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-128-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-129-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-130-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-131-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-132-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-133-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-135-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-134-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-136-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-138-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-139-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-140-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-141-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-137-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-142-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-143-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-144-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-145-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-146-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-147-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-148-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-149-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-150-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-151-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-152-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-154-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-153-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-125-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-156-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-157-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-158-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-126-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-160-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-161-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-162-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-163-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-164-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-165-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-166-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-167-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-168-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-169-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-170-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-171-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-173-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-172-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-174-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-175-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-176-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-177-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-179-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-178-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-180-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-181-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-182-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-183-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-184-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-185-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-120-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-123-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-122-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4796-121-0x0000000077D90000-0x0000000077F1E000-memory.dmp

Filesize
1.6MB

Download
memory/4892-279-0x0000000005420000-0x000000000551E000-memory.dmp

Filesize
1016KB

Download
memory/4892-280-0x0000000005620000-0x000000000571B000-memory.dmp

Filesize
1004KB

Download
memory/4892-347-0x0000000005620000-0x000000000571B000-memory.dmp

Filesize
1004KB

Download