4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592

Analysis

max time kernel
66s
max time network
60s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe
Size

1.7MB
MD5

01b2678d0cfe3601334c8ed2afad3db2
SHA1

6d9e5bba4113d72812520eacb781e89686be7df0
SHA256

4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592
SHA512

c3e7c879347ff14368d0a44f81a49e6ee55546437a31f3df46a22b4b5e8d390da74ba53010fd9a73f9785145a3932ead144db26c9f3eaac9b5cf86d503144ed3
SSDEEP

49152:KyjvFEmpicdDfdOConxZ7Vk/vp5Q/pl7G9Jq+C:KyjvFEcicdDfdabZunQ/f7G3q+C

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

regsvr32.exe

pid process

3532 regsvr32.exe
3532 regsvr32.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
3532	regsvr32.exe
3532	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe

description	pid	process	target process
PID 3068 wrote to memory of 3532	3068	4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe	regsvr32.exe
PID 3068 wrote to memory of 3532	3068	4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe	regsvr32.exe
PID 3068 wrote to memory of 3532	3068	4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe
"C:\Users\Admin\AppData\Local\Temp\4b46da541010e043253421db4f5539b18312e62a88c3ce0bdf54f7e371a60592.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" -u GMLMCPMT.DaX -S
2⤵
- Loads dropped DLL
PID:3532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GMLMCPMT.DaX

Filesize
1.7MB

MD5
83268add0dad538e2bf6fdd8641f81b7

SHA1
2d21361dc3ce43a218cb1a9a74d5271cac4d34ef

SHA256
3882062f05153a285a66078d33d1beca0a0fc94d955a1ed385846193d5f4e03c

SHA512
e4e8368f69b55db8e25c83d9606c081beb34494a754a28b3a24eb2257977ab3179262f6de7c9a24a38bfb71828cadd78a411ef7efbe07cd67b0d25783200aaf6

Download Submit
\Users\Admin\AppData\Local\Temp\GmlMCpMT.daX

Filesize
1.7MB

MD5
83268add0dad538e2bf6fdd8641f81b7

SHA1
2d21361dc3ce43a218cb1a9a74d5271cac4d34ef

SHA256
3882062f05153a285a66078d33d1beca0a0fc94d955a1ed385846193d5f4e03c

SHA512
e4e8368f69b55db8e25c83d9606c081beb34494a754a28b3a24eb2257977ab3179262f6de7c9a24a38bfb71828cadd78a411ef7efbe07cd67b0d25783200aaf6

Download Submit
\Users\Admin\AppData\Local\Temp\GmlMCpMT.daX

Filesize
1.7MB

MD5
83268add0dad538e2bf6fdd8641f81b7

SHA1
2d21361dc3ce43a218cb1a9a74d5271cac4d34ef

SHA256
3882062f05153a285a66078d33d1beca0a0fc94d955a1ed385846193d5f4e03c

SHA512
e4e8368f69b55db8e25c83d9606c081beb34494a754a28b3a24eb2257977ab3179262f6de7c9a24a38bfb71828cadd78a411ef7efbe07cd67b0d25783200aaf6

Download Submit
memory/3068-120-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-121-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-122-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-123-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-125-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-126-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-128-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-129-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-130-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-131-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-132-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-133-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-134-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-135-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-136-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-137-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-138-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-139-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-140-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-141-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-143-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-142-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-144-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-145-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-146-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-147-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-148-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-149-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-150-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-151-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-153-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-152-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-154-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-155-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-156-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-157-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-158-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-159-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-160-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-161-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-163-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-162-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-164-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-165-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-166-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-167-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-168-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-169-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-170-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-171-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-172-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-173-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-174-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-175-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-176-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-177-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-178-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-179-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-180-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-181-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-182-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-183-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-184-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-185-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3532-186-0x0000000000000000-mapping.dmp

Download
memory/3532-234-0x0000000004790000-0x00000000048A0000-memory.dmp

Filesize
1.1MB

Download
memory/3532-235-0x00000000049B0000-0x0000000004AC1000-memory.dmp

Filesize
1.1MB

Download
memory/3532-242-0x00000000049B0000-0x0000000004AC1000-memory.dmp

Filesize
1.1MB

Download