cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3

Analysis

max time kernel
339s
max time network
377s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
Size

2.2MB
MD5

a50dbe0de91b8790688f41fd1c8f766a
SHA1

cb2fe854d981ea011e284d55083d1a675505ef68
SHA256

cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3
SHA512

03be9d10253d4a0e6fc81c270b6e62ed84922d00e539167ab9ad6c9c9476adfb0db9fd15809e15db2c9fe8ab0a3962415de25faf5110da64e7ee6d67a6bb9e76
SSDEEP

49152:pN4nFAOAWNCG/KsUr2aQLny4NqVuv9/Iju2xKn9UpzTepv4:0nFBMW6r2aQby4MVuvFMRxKn9Upzapg

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

Processes:

cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe

pid	process
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe

description	pid	process	target process
PID 3628 wrote to memory of 4224	3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe	wmic.exe
PID 3628 wrote to memory of 4224	3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe	wmic.exe
PID 3628 wrote to memory of 4224	3628	cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe	wmic.exe

C:\Users\Admin\AppData\Local\Temp\cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe
"C:\Users\Admin\AppData\Local\Temp\cc739d9f6d862db3d9988faba7dddd8a85c6155cf3d374d41306f58f01adabc3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3628

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic useraccount get name,sid
2⤵
PID:4224

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\DcryptDll.dll
Filesize
14KB

MD5
904beebec2790ee2ca0c90fc448ac7e0

SHA1
40fabf1eb0a3b7168351c4514c5288216cb1566d

SHA256
f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222

SHA512
8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\DcryptDll.dll
Filesize
14KB

MD5
904beebec2790ee2ca0c90fc448ac7e0

SHA1
40fabf1eb0a3b7168351c4514c5288216cb1566d

SHA256
f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222

SHA512
8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\IpConfig.dll
Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\IpConfig.dll
Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\System.dll
Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\inetc.dll
Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\md5dll.dll
Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\md5dll.dll
Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\nsExec.dll
Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\nsExec.dll
Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\nsisos.dll
Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF758.tmp\nsisos.dll
Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
memory/3628-158-0x0000000000891000-0x0000000000894000-memory.dmp

Filesize
12KB

Download
memory/3628-135-0x0000000002401000-0x0000000002404000-memory.dmp

Filesize
12KB

Download
memory/3628-138-0x00000000004A0000-0x00000000004C6000-memory.dmp

Filesize
152KB

Download
memory/3628-144-0x0000000000811000-0x0000000000814000-memory.dmp

Filesize
12KB

Download
memory/3628-147-0x0000000000811000-0x0000000000814000-memory.dmp

Filesize
12KB

Download
memory/4224-170-0x0000000000000000-mapping.dmp

Download