e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c

Analysis

max time kernel
219s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
Size

10.5MB
MD5

19153a23d8bf242e0399ef05f352f04f
SHA1

20c06c0a0b98a45089ad288f354cfc4fc91dac41
SHA256

e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c
SHA512

aae7ea8818b7cf4b2a5bd182a3cc5544b881e08bcbc5e731534e2eb8b70a765ddaf0855558fcdcd47dbb85c602331782ec8366359edd737558c3a94c64f55178
SSDEEP

196608:ScCuika88MiXKKP1pMjDo89ub0bVe7FIetA86PURwUdyvhfSfvg9DBUky:ECDM7tsU2U3vIu

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Silverlight_4.0.60531_universal.exeinstall.exe

pid process

1472 Silverlight_4.0.60531_universal.exe
1112 install.exe

pid	process
1472	Silverlight_4.0.60531_universal.exe
1112	install.exe

Loads dropped DLL 9 IoCs

Processes:

e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exeSilverlight_4.0.60531_universal.exeinstall.exe

pid	process
1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
1472	Silverlight_4.0.60531_universal.exe
1472	Silverlight_4.0.60531_universal.exe
1112	install.exe
1112	install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe

pid process

1484 e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exeSilverlight_4.0.60531_universal.exe

description	pid	process	target process
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1484 wrote to memory of 1472	1484	e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe	Silverlight_4.0.60531_universal.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe
PID 1472 wrote to memory of 1112	1472	Silverlight_4.0.60531_universal.exe	install.exe

C:\Users\Admin\AppData\Local\Temp\e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe
"C:\Users\Admin\AppData\Local\Temp\e292bc0a80cc7dc66ff3116336a17bb0d76c55ea91a6c9fed81debdec48c910c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1484

C:\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe
"C:\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1472

\??\c:\56a87b9ee3db40d741857aeaf60cda\install.exe
c:\56a87b9ee3db40d741857aeaf60cda\install.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1112

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\56a87b9ee3db40d741857aeaf60cda\install.exe

Filesize
196KB

MD5
748892d1390c8e09e145378bc4e94fd8

SHA1
77919af37a82474b030c9b16a0cb44030eee8fa5

SHA256
e41ff13f799dc9e26595dcb2c21b58bc2dc1e0a5fc9956704a1e688aa6a16d2b

SHA512
5d3804b97ee428e55a603ef237e8adcaaf2ae897cdbe88d66089e8bc62512c3c880bad0553dd698dd06540060c232f7f595c171bfbec30480b4d5161a8151079

Download Submit
C:\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\56a87b9ee3db40d741857aeaf60cda\install.exe

Filesize
196KB

MD5
748892d1390c8e09e145378bc4e94fd8

SHA1
77919af37a82474b030c9b16a0cb44030eee8fa5

SHA256
e41ff13f799dc9e26595dcb2c21b58bc2dc1e0a5fc9956704a1e688aa6a16d2b

SHA512
5d3804b97ee428e55a603ef237e8adcaaf2ae897cdbe88d66089e8bc62512c3c880bad0553dd698dd06540060c232f7f595c171bfbec30480b4d5161a8151079

Download Submit
\56a87b9ee3db40d741857aeaf60cda\install.exe

Filesize
196KB

MD5
748892d1390c8e09e145378bc4e94fd8

SHA1
77919af37a82474b030c9b16a0cb44030eee8fa5

SHA256
e41ff13f799dc9e26595dcb2c21b58bc2dc1e0a5fc9956704a1e688aa6a16d2b

SHA512
5d3804b97ee428e55a603ef237e8adcaaf2ae897cdbe88d66089e8bc62512c3c880bad0553dd698dd06540060c232f7f595c171bfbec30480b4d5161a8151079

Download Submit
\56a87b9ee3db40d741857aeaf60cda\install.res.dll

Filesize
347KB

MD5
d6b11986cea77afe7bf575f5da16bbbb

SHA1
9d71efcdef8467b74fc4bf26405da90d0ac4959a

SHA256
a520eeae3826f6b451f7066690eaa3a9ae969c334c8680d6641145f849de12ea

SHA512
c7089a207bb227bf1f5ab9d16d74c2563fa7a3f9c700f8b0671a0d714acd53a1b2b1ebafbb642e24ff31fe377cde52f411f2e098f7921bf602c393d11b1e7e9f

Download Submit
\??\c:\56a87b9ee3db40d741857aeaf60cda\install.exe

Filesize
196KB

MD5
748892d1390c8e09e145378bc4e94fd8

SHA1
77919af37a82474b030c9b16a0cb44030eee8fa5

SHA256
e41ff13f799dc9e26595dcb2c21b58bc2dc1e0a5fc9956704a1e688aa6a16d2b

SHA512
5d3804b97ee428e55a603ef237e8adcaaf2ae897cdbe88d66089e8bc62512c3c880bad0553dd698dd06540060c232f7f595c171bfbec30480b4d5161a8151079

Download Submit
\??\c:\56a87b9ee3db40d741857aeaf60cda\install.res.dll

Filesize
347KB

MD5
d6b11986cea77afe7bf575f5da16bbbb

SHA1
9d71efcdef8467b74fc4bf26405da90d0ac4959a

SHA256
a520eeae3826f6b451f7066690eaa3a9ae969c334c8680d6641145f849de12ea

SHA512
c7089a207bb227bf1f5ab9d16d74c2563fa7a3f9c700f8b0671a0d714acd53a1b2b1ebafbb642e24ff31fe377cde52f411f2e098f7921bf602c393d11b1e7e9f

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
\Users\Admin\AppData\Local\Temp\00046368\Silverlight_4.0.60531_universal.exe

Filesize
6.0MB

MD5
0ffe0529d88d33e3b498b5d7896fcb92

SHA1
98888055263b9bb606dcf4842c73d08193639026

SHA256
0034c556cc32f772cdd62f9dcf6840adc1a926a37c8d2e90564cb30dc039f0f0

SHA512
57fdf4caffa92e0fec6aa5f4adc218f9ce1f0b2df183fb74a7b2f1584f8e533f8c1905c20d958be25001b0371c99b7c53474a218541441fe0d4951bdf5579ffe

Download Submit
memory/1112-66-0x0000000000000000-mapping.dmp

Download
memory/1472-60-0x0000000000000000-mapping.dmp

Download
memory/1484-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download