ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7

Analysis

max time kernel
49s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe
Size

1.6MB
MD5

a4b99341112beb4125f0bdad3bea69f8
SHA1

0bf388c7dd5d762585b7b2841118909ffc2a5700
SHA256

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7
SHA512

4fd73b7f10cbf37f7a17253c35042d5a41eb1cdbe3665523c4566c23e395e22570169560518d4d81a65d019c65f536477ed799f4facf6d104f194934f86b8420
SSDEEP

49152:gJ4Ncy2+f0XAewvvx5RS7LKaK2A2lzRyE:gJ4CIfiAewvZ4zAizd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

msiexec.exe

pid process

4892 msiexec.exe
4892 msiexec.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4892	msiexec.exe
4892	msiexec.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe

description	pid	process	target process
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe
"C:\Users\Admin\AppData\Local\Temp\ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" -y .\GBa7T.0kv
2⤵
- Loads dropped DLL
PID:4892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GBa7T.0kv

Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
\Users\Admin\AppData\Local\Temp\Gba7t.0kv

Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
\Users\Admin\AppData\Local\Temp\Gba7t.0kv

Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
memory/2716-116-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-117-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-118-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-119-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-121-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-122-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-124-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-125-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-126-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-127-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-128-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-129-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-130-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-131-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-132-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-133-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-134-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-135-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-136-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-137-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-138-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-139-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-140-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-141-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-142-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-143-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-144-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-145-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-146-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-147-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-148-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-149-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-150-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-151-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-152-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-153-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-154-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-155-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-156-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-157-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-158-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-159-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-160-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-161-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-162-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-163-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-164-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-165-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-166-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-167-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-168-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-169-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-170-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-171-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-172-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-173-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-174-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-175-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-176-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-177-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-178-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-179-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-180-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-181-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/4892-182-0x0000000000000000-mapping.dmp

Download
memory/4892-234-0x0000000004BA0000-0x0000000004CDB000-memory.dmp

Filesize
1.2MB

Download
memory/4892-235-0x0000000004E00000-0x0000000004F15000-memory.dmp

Filesize
1.1MB

Download
memory/4892-242-0x0000000004E00000-0x0000000004F15000-memory.dmp

Filesize
1.1MB

Download