54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1

Analysis

max time kernel
154s
max time network
168s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
24/11/2022, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe
Size

1.8MB
MD5

a95d85afba977b18354fd425b8042e20
SHA1

add152c38a2c4be0253f78f6d493cfff3de960b3
SHA256

54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1
SHA512

5e630450afe068feb4e66c7aacb5d7fb6e4eebb4c6ace5f021b626e0e444ed849ba93b40b145dba5527d6cfbbcb7e57b6ad4c7da0e59abfa3a4b0885fcd7b68c
SSDEEP

24576:yhvJVJdMf0qkxb5HyyVD59DRuOvkH3e6HbRSC+F2QXHttI0sZdpJAC3MnYNPQ2Mz:C3dke5Hh5EOvkHdHbUCvm/spJDNmL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4584	rundll32.exe
3204	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 4540	3732	54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe	66
PID 3732 wrote to memory of 4540	3732	54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe	66
PID 3732 wrote to memory of 4540	3732	54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe	66
PID 4540 wrote to memory of 4584	4540	control.exe	68
PID 4540 wrote to memory of 4584	4540	control.exe	68
PID 4540 wrote to memory of 4584	4540	control.exe	68
PID 4584 wrote to memory of 3196	4584	rundll32.exe	69
PID 4584 wrote to memory of 3196	4584	rundll32.exe	69
PID 3196 wrote to memory of 3204	3196	RunDll32.exe	70
PID 3196 wrote to memory of 3204	3196	RunDll32.exe	70
PID 3196 wrote to memory of 3204	3196	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe
"C:\Users\Admin\AppData\Local\Temp\54cb65302f8e2b906d17e7df27362058cd1bf9929d7a374eef9012c6bcaeffd1.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\HA4rHJIZ.cPL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\HA4rHJIZ.cPL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\HA4rHJIZ.cPL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3196
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\HA4rHJIZ.cPL",
        5⤵
        Loads dropped DLL
        
        PID:3204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HA4rHJIZ.cPL

Filesize
1.6MB

MD5
4b7a6864f1e71ed9315f817eadf81bc7

SHA1
ccd8c7d3b7afa407972e49adc3794629ef7c1aa9

SHA256
d19628cc992338c0b1e566312f57a280937f8aec5f70e36f487d03c0cd7aef51

SHA512
bc32cdef894df415f5c4aa44663c6cf387c94548b531e978832a6b383104344f1f06f84e8fd3df1cae6772171673d93024b06746c52f3282d7b6b86788604b37

Download Submit
\Users\Admin\AppData\Local\Temp\ha4rHjIZ.cpl

Filesize
1.6MB

MD5
4b7a6864f1e71ed9315f817eadf81bc7

SHA1
ccd8c7d3b7afa407972e49adc3794629ef7c1aa9

SHA256
d19628cc992338c0b1e566312f57a280937f8aec5f70e36f487d03c0cd7aef51

SHA512
bc32cdef894df415f5c4aa44663c6cf387c94548b531e978832a6b383104344f1f06f84e8fd3df1cae6772171673d93024b06746c52f3282d7b6b86788604b37

Download Submit
\Users\Admin\AppData\Local\Temp\ha4rHjIZ.cpl

Filesize
1.6MB

MD5
4b7a6864f1e71ed9315f817eadf81bc7

SHA1
ccd8c7d3b7afa407972e49adc3794629ef7c1aa9

SHA256
d19628cc992338c0b1e566312f57a280937f8aec5f70e36f487d03c0cd7aef51

SHA512
bc32cdef894df415f5c4aa44663c6cf387c94548b531e978832a6b383104344f1f06f84e8fd3df1cae6772171673d93024b06746c52f3282d7b6b86788604b37

Download Submit
memory/3204-345-0x0000000004C80000-0x0000000004D72000-memory.dmp

Filesize
968KB

Download
memory/3204-336-0x0000000004C80000-0x0000000004D72000-memory.dmp

Filesize
968KB

Download
memory/3204-335-0x0000000004B80000-0x0000000004C72000-memory.dmp

Filesize
968KB

Download
memory/3732-151-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-156-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-122-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-124-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-125-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-126-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-127-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-128-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-129-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-130-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-131-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-132-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-133-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-134-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-135-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-136-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-137-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-138-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-139-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-140-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-141-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-142-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-143-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-144-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-145-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-146-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-147-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-148-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-149-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-150-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-119-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-152-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-153-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-157-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-121-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-155-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-154-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-158-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-159-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-160-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-161-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-162-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-163-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-164-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-165-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-167-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-166-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-168-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-169-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-170-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-171-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-172-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-173-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-174-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-175-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-176-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-177-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-178-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-179-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-180-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-181-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-116-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-118-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/3732-117-0x0000000077C90000-0x0000000077E1E000-memory.dmp

Filesize
1.6MB

Download
memory/4584-277-0x0000000004E80000-0x0000000004F72000-memory.dmp

Filesize
968KB

Download
memory/4584-276-0x0000000004C90000-0x0000000004D82000-memory.dmp

Filesize
968KB

Download
memory/4584-347-0x0000000004E80000-0x0000000004F72000-memory.dmp

Filesize
968KB

Download