ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7

Analysis

max time kernel
49s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe
Size

1.6MB
MD5

a4b99341112beb4125f0bdad3bea69f8
SHA1

0bf388c7dd5d762585b7b2841118909ffc2a5700
SHA256

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7
SHA512

4fd73b7f10cbf37f7a17253c35042d5a41eb1cdbe3665523c4566c23e395e22570169560518d4d81a65d019c65f536477ed799f4facf6d104f194934f86b8420
SSDEEP

49152:gJ4Ncy2+f0XAewvvx5RS7LKaK2A2lzRyE:gJ4CIfiAewvZ4zAizd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

msiexec.exe

pid process

4892 msiexec.exe
4892 msiexec.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4892	msiexec.exe
4892	msiexec.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe

description	pid	process	target process
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe
PID 2716 wrote to memory of 4892	2716	ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe
"C:\Users\Admin\AppData\Local\Temp\ff4b2ba176b69a7d0b1267b8e4a6a1c3a6385e9f5a2a20791d36e5f1cd2dabd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" -y .\GBa7T.0kv
2⤵
- Loads dropped DLL
PID:4892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GBa7T.0kv
Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
\Users\Admin\AppData\Local\Temp\Gba7t.0kv
Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
\Users\Admin\AppData\Local\Temp\Gba7t.0kv
Filesize
1.7MB

MD5
2d651abc49d33447713b0fd34f221ae8

SHA1
a20738055f2e9e14baec621d9c0f2fee612414ed

SHA256
631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

SHA512
d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

Download Submit
memory/2716-116-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-117-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-118-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-119-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-121-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-122-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-124-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-125-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-126-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-127-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-128-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-129-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-130-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-131-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-132-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-133-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-134-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-135-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-136-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-137-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-138-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-139-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-140-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-141-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-142-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-143-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-144-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-145-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-146-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-147-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-148-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-149-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-150-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-151-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-152-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-153-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-154-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-155-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-156-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-157-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-158-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-159-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-160-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-161-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-162-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-163-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-164-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-165-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-166-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-167-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-168-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-169-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-170-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-171-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-172-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-173-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-174-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-175-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-176-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-177-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-178-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-179-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-180-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2716-181-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/4892-182-0x0000000000000000-mapping.dmp

Download
memory/4892-234-0x0000000004BA0000-0x0000000004CDB000-memory.dmp

Filesize
1.2MB

Download
memory/4892-235-0x0000000004E00000-0x0000000004F15000-memory.dmp

Filesize
1.1MB

Download
memory/4892-242-0x0000000004E00000-0x0000000004F15000-memory.dmp

Filesize
1.1MB

Download