3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02

Analysis

max time kernel
52s
max time network
64s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
21-11-2022 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe
Size

1.6MB
MD5

e5df4257598736d985c05e748117ca0c
SHA1

4f0de0f650b0afbf5b8f630542ae25a1ea4a59c7
SHA256

3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02
SHA512

a60704d541c804a1ff628658144cb4dd9a00902f3a4dcfc279985f92268ad794fdacd8509c403aa974113babd9c27d25e26c38cf6e126e582ff608c09ceffad6
SSDEEP

24576:pLlgAi5bS+CY55kP14R1myFiMLO5aK742JXU7dlJMW6Oe4jnr+yXiiXk9cw3z2t:py5rkPQ1Qh2m4XS9z3zo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1124	rundll32.exe
4044	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4228	2740	3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe	66
PID 2740 wrote to memory of 4228	2740	3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe	66
PID 2740 wrote to memory of 4228	2740	3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe	66
PID 4228 wrote to memory of 1124	4228	control.exe	67
PID 4228 wrote to memory of 1124	4228	control.exe	67
PID 4228 wrote to memory of 1124	4228	control.exe	67
PID 1124 wrote to memory of 1768	1124	rundll32.exe	68
PID 1124 wrote to memory of 1768	1124	rundll32.exe	68
PID 1768 wrote to memory of 4044	1768	RunDll32.exe	69
PID 1768 wrote to memory of 4044	1768	RunDll32.exe	69
PID 1768 wrote to memory of 4044	1768	RunDll32.exe	69

C:\Users\Admin\AppData\Local\Temp\3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe
"C:\Users\Admin\AppData\Local\Temp\3b7191d12e7f38205d617b66a1b8057841bd4c560fb79f19aeff40a85fe96a02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" .\Y4qZS2w.W
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\Y4qZS2w.W
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\Y4qZS2w.W
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1768
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\Y4qZS2w.W
        5⤵
        Loads dropped DLL
        
        PID:4044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Y4qZS2w.W

Filesize
1.6MB

MD5
862aa25f3c177d4103bdba45a594b5fc

SHA1
521be87157ee92615b2d5e7ae4fe91cb6dbefb38

SHA256
f45ed0ebf2a082cec340e96341b51a901e0678dff0c1b2b992bed38454ee1a07

SHA512
faf2125faf12101ab964f0603562ac4826b93ccf1b0497759706967536550816f8d4c9d1673d3bceafc3739bad7570d4500984d3b7b9e1bf6f1ed7c04eae1aa4

Download Submit
\Users\Admin\AppData\Local\Temp\Y4qzS2w.w

Filesize
1.6MB

MD5
862aa25f3c177d4103bdba45a594b5fc

SHA1
521be87157ee92615b2d5e7ae4fe91cb6dbefb38

SHA256
f45ed0ebf2a082cec340e96341b51a901e0678dff0c1b2b992bed38454ee1a07

SHA512
faf2125faf12101ab964f0603562ac4826b93ccf1b0497759706967536550816f8d4c9d1673d3bceafc3739bad7570d4500984d3b7b9e1bf6f1ed7c04eae1aa4

Download Submit
\Users\Admin\AppData\Local\Temp\Y4qzS2w.w

Filesize
1.6MB

MD5
862aa25f3c177d4103bdba45a594b5fc

SHA1
521be87157ee92615b2d5e7ae4fe91cb6dbefb38

SHA256
f45ed0ebf2a082cec340e96341b51a901e0678dff0c1b2b992bed38454ee1a07

SHA512
faf2125faf12101ab964f0603562ac4826b93ccf1b0497759706967536550816f8d4c9d1673d3bceafc3739bad7570d4500984d3b7b9e1bf6f1ed7c04eae1aa4

Download Submit
memory/1124-273-0x0000000004CA0000-0x0000000004DBF000-memory.dmp

Filesize
1.1MB

Download
memory/1124-274-0x0000000004EC0000-0x0000000004FBB000-memory.dmp

Filesize
1004KB

Download
memory/1124-340-0x0000000004EC0000-0x0000000004FBB000-memory.dmp

Filesize
1004KB

Download
memory/2740-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-156-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-127-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-145-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-149-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-150-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-151-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-119-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-116-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-175-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-176-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-118-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-178-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-179-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-180-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2740-117-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4044-330-0x0000000005400000-0x000000000551F000-memory.dmp

Filesize
1.1MB

Download
memory/4044-331-0x0000000005620000-0x000000000571B000-memory.dmp

Filesize
1004KB

Download
memory/4044-339-0x0000000005620000-0x000000000571B000-memory.dmp

Filesize
1004KB

Download
memory/4228-182-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download