3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4

Analysis

max time kernel
43s
max time network
60s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 23:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe
Size

494KB
MD5

48f277eec837feea518e615f0fb475c0
SHA1

fb35bda10884baaca51167631ecf9c291eae50f6
SHA256

3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4
SHA512

258a05be9dd659bc5b4629cfc98140160af0810b0e62b4c5bfd55be3bd22521ee8af80aea53ef80653160bc274e323966d9183be09569049030cae47213fb649
SSDEEP

6144:8cVEYJESxdqNJiplg5Ro7YkqNJ+QFNht8ZU4Eg2FQTyF+gmAoXoym:vV/Eydtj6Ro8kev8i4Ec34F

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1704	iexplores.exe

Loads dropped DLL 2 IoCs

pid	Process
1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe
1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\iexplores.exe	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1704	1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe	27
PID 1028 wrote to memory of 1704	1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe	27
PID 1028 wrote to memory of 1704	1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe	27
PID 1028 wrote to memory of 1704	1028	3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe	27

C:\Users\Admin\AppData\Local\Temp\3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe
"C:\Users\Admin\AppData\Local\Temp\3dbcf1eb90216a172bbf20aa528d9cee8991364eb709fa367af7ab05327a8df4.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files\Internet Explorer\iexplores.exe
  "C:\Program Files\Internet Explorer\iexplores.exe" /service
  2⤵
  - Executes dropped EXE
  PID:1704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Internet Explorer\iexplores.exe

Filesize
364KB

MD5
c8826c1fa04975a31551befac4d2c6aa

SHA1
fc052eddcd8568d84227df1705a4c5a4466702a0

SHA256
f72c8fd5119bfc849de967a2ba546c4c319e3684fd69abcd50837b4d7055bfb1

SHA512
fa857edf6794c98d3abd85133ddfe772d0fbf033e3c3f0a537ae05f8128e238ee2ceb100027d78d0f640898439a64bf01c0ca12432c715c5df26c9a3b1d3edd5

Download Submit
\Program Files\Internet Explorer\iexplores.exe

Filesize
364KB

MD5
c8826c1fa04975a31551befac4d2c6aa

SHA1
fc052eddcd8568d84227df1705a4c5a4466702a0

SHA256
f72c8fd5119bfc849de967a2ba546c4c319e3684fd69abcd50837b4d7055bfb1

SHA512
fa857edf6794c98d3abd85133ddfe772d0fbf033e3c3f0a537ae05f8128e238ee2ceb100027d78d0f640898439a64bf01c0ca12432c715c5df26c9a3b1d3edd5

Download Submit
\Program Files\Internet Explorer\iexplores.exe

Filesize
364KB

MD5
c8826c1fa04975a31551befac4d2c6aa

SHA1
fc052eddcd8568d84227df1705a4c5a4466702a0

SHA256
f72c8fd5119bfc849de967a2ba546c4c319e3684fd69abcd50837b4d7055bfb1

SHA512
fa857edf6794c98d3abd85133ddfe772d0fbf033e3c3f0a537ae05f8128e238ee2ceb100027d78d0f640898439a64bf01c0ca12432c715c5df26c9a3b1d3edd5

Download Submit
memory/1028-54-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download