b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3

Analysis

max time kernel
51s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe
Size

1.7MB
MD5

8041d1ba21c76728e3d21d50633e9235
SHA1

7fbf6ecf1f91c0e76cb9379c77738be1c759e162
SHA256

b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3
SHA512

a30d258d5679be22554abedbe64e91575a93d6c3d8da7fd961c84afca094fafc8580e46a52deb61e3d686357eeab7304188f8bb64fef34950a5ffe22a91bc14b
SSDEEP

49152:084cpD7L4XazhdX53Uo6nXZRVkHJfrhpFwFaZSv2:6cpDwXazhdX538Jj6dhPwFaR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

rundll32.exerundll32.exe

pid process

2396 rundll32.exe
4200 rundll32.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2396	rundll32.exe
4200	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.execontrol.exerundll32.exeRunDll32.exe

description	pid	process	target process
PID 2676 wrote to memory of 4860	2676	b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe	control.exe
PID 2676 wrote to memory of 4860	2676	b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe	control.exe
PID 2676 wrote to memory of 4860	2676	b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe	control.exe
PID 4860 wrote to memory of 2396	4860	control.exe	rundll32.exe
PID 4860 wrote to memory of 2396	4860	control.exe	rundll32.exe
PID 4860 wrote to memory of 2396	4860	control.exe	rundll32.exe
PID 2396 wrote to memory of 4220	2396	rundll32.exe	RunDll32.exe
PID 2396 wrote to memory of 4220	2396	rundll32.exe	RunDll32.exe
PID 4220 wrote to memory of 4200	4220	RunDll32.exe	rundll32.exe
PID 4220 wrote to memory of 4200	4220	RunDll32.exe	rundll32.exe
PID 4220 wrote to memory of 4200	4220	RunDll32.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe
"C:\Users\Admin\AppData\Local\Temp\b61dd31c971b2009e50ec55b67c4b32b0b5b3e1320e15c0342a6344735ddb1d3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2676

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" .\PJPO2.H
2⤵
- Suspicious use of WriteProcessMemory
PID:4860

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\PJPO2.H
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2396

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\PJPO2.H
4⤵
- Suspicious use of WriteProcessMemory
PID:4220

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\PJPO2.H
5⤵
- Loads dropped DLL
PID:4200

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PJPO2.H
Filesize
1.7MB

MD5
f65ff3fae8e8e1f907d8650972f5faf9

SHA1
d4519a05be554573e464d92a735237b6f3f8a2ea

SHA256
1676526550a9e3fe4a7998953077f5c2b8830f3affa3d03b29618ebe27608f0a

SHA512
580925991826f5515d19f2510281ebb3566100c459eaa171482e2e3880999d2519936ced49f263d5254d12061418eef59a1aedf256bfbc0065082fd93d5090ab

Download Submit
\Users\Admin\AppData\Local\Temp\pjPO2.H
Filesize
1.7MB

MD5
f65ff3fae8e8e1f907d8650972f5faf9

SHA1
d4519a05be554573e464d92a735237b6f3f8a2ea

SHA256
1676526550a9e3fe4a7998953077f5c2b8830f3affa3d03b29618ebe27608f0a

SHA512
580925991826f5515d19f2510281ebb3566100c459eaa171482e2e3880999d2519936ced49f263d5254d12061418eef59a1aedf256bfbc0065082fd93d5090ab

Download Submit
\Users\Admin\AppData\Local\Temp\pjPO2.H
Filesize
1.7MB

MD5
f65ff3fae8e8e1f907d8650972f5faf9

SHA1
d4519a05be554573e464d92a735237b6f3f8a2ea

SHA256
1676526550a9e3fe4a7998953077f5c2b8830f3affa3d03b29618ebe27608f0a

SHA512
580925991826f5515d19f2510281ebb3566100c459eaa171482e2e3880999d2519936ced49f263d5254d12061418eef59a1aedf256bfbc0065082fd93d5090ab

Download Submit
memory/2396-224-0x0000000000000000-mapping.dmp

Download
memory/2396-273-0x00000000054E0000-0x00000000055F0000-memory.dmp

Filesize
1.1MB

Download
memory/2396-274-0x0000000005700000-0x0000000005811000-memory.dmp

Filesize
1.1MB

Download
memory/2396-343-0x0000000005700000-0x0000000005811000-memory.dmp

Filesize
1.1MB

Download
memory/2676-150-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-124-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-120-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-121-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-123-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-154-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-125-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-127-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-126-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-128-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-155-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-129-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-131-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-132-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-134-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-135-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-136-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-133-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-138-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-137-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-139-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-140-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-141-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-142-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-143-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-144-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-145-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-146-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-148-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-153-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-149-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-117-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-151-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-152-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-147-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-118-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-130-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-156-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-157-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-158-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-159-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-160-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-161-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-162-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-163-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-164-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-166-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-165-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-167-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-169-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-168-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-170-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-171-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-172-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-173-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-174-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-175-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-176-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-177-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-178-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-179-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-115-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-116-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download
memory/4200-284-0x0000000000000000-mapping.dmp

Download
memory/4200-332-0x0000000005000000-0x0000000005110000-memory.dmp

Filesize
1.1MB

Download
memory/4200-333-0x0000000005220000-0x0000000005331000-memory.dmp

Filesize
1.1MB

Download
memory/4200-342-0x0000000005220000-0x0000000005331000-memory.dmp

Filesize
1.1MB

Download
memory/4220-283-0x0000000000000000-mapping.dmp

Download
memory/4860-180-0x0000000000000000-mapping.dmp

Download
memory/4860-181-0x00000000774C0000-0x000000007764E000-memory.dmp

Filesize
1.6MB

Download