ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b

Analysis

max time kernel
8s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 02:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe
Size

654KB
MD5

239831e7cf8be91748bd79c16f8eeea2
SHA1

6bfa98fea08844fd30feeb965097ccb50b539190
SHA256

ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b
SHA512

e7c8e21c1743ab49640e9e52673edf61109876cc39d33a086675c79bf8f011308075e1fce338cda085df5a10b001dc7543cacc6c8f72aeddb12ddc7a2719c88c
SSDEEP

12288:ZPRpGWp+35TXiTVrpVhzfwirES/rNkzNrvgdGqa3td/CaQNQ:ZnlsTGrnwirEiromGqCD/QO

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

936 setup.exe
Loads dropped DLL 6 IoCs

Processes:

ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exesetup.exe

pid process

1668 ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe
936 setup.exe
936 setup.exe
936 setup.exe
936 setup.exe
936 setup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
936	setup.exe

pid	process
1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe
936	setup.exe
936	setup.exe
936	setup.exe
936	setup.exe
936	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe

description	pid	process	target process
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe
PID 1668 wrote to memory of 936	1668	ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe
"C:\Users\Admin\AppData\Local\Temp\ad725cd4958eb71806c37f41efef922f0ff94dcd6ba01c9b6004e6f259c18d0b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\587D\setup.exe
C:\Users\Admin\AppData\Local\Temp\587D\setup.exe 00010400
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:936

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\587D\cdnins.dll
Filesize
84KB

MD5
60886d7eecc872a88f1bd09a94a4a630

SHA1
75e846358075a1d6284775468ed664bd1aa35f81

SHA256
7c9cbfa7cb594c680f4e66ad17806f382deb68bc40e0b7fb159b17167db34965

SHA512
352a2f192c9b249b1f61c640c86b8f901f7decb620ae81fed930769be0a4d81a40d2bf15220fceebbf6881c88dec11febbba712afd27714bfc32863b80ca7902

Download Submit
C:\Users\Admin\AppData\Local\Temp\587D\cdnprh.dll
Filesize
72KB

MD5
30a8bdf833e6900822fd4f1005316385

SHA1
110618528f1152c18b38b47e492cb3671dcbbc7e

SHA256
64f23e4815a1fd3a3e0afa73e77d32d91b441af6048f5d891c6c2397d22c489c

SHA512
68819448bc8ceeb9897cd6686995b56e0627420a04d3dd582116e38612dc6513d60219b98808089113f04790fa850f7f7806deeca9e964df0fa03e22832bd4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\587D\src.dat
Filesize
139B

MD5
46fc96e4ce80e32df9e187a6e4431542

SHA1
909b7031eb93f7c8a31d1d81cd26fb90ee26d7fd

SHA256
cd62196c640db50b281d91e36e7511f8d6e797e4c01984ab1b2171b70ac58833

SHA512
88f486a788c7604883039beda7bf83d86c3cbe7c0c874aabc2bc4d04da18ab5e53e7b44b2126849464dffc2bc938d9a9b4c4185cf59c14ae43e9284532d561b0

Download Submit
\Users\Admin\AppData\Local\Temp\587D\cdnins.dll
Filesize
84KB

MD5
60886d7eecc872a88f1bd09a94a4a630

SHA1
75e846358075a1d6284775468ed664bd1aa35f81

SHA256
7c9cbfa7cb594c680f4e66ad17806f382deb68bc40e0b7fb159b17167db34965

SHA512
352a2f192c9b249b1f61c640c86b8f901f7decb620ae81fed930769be0a4d81a40d2bf15220fceebbf6881c88dec11febbba712afd27714bfc32863b80ca7902

Download Submit
\Users\Admin\AppData\Local\Temp\587D\cdnprh.dll
Filesize
72KB

MD5
30a8bdf833e6900822fd4f1005316385

SHA1
110618528f1152c18b38b47e492cb3671dcbbc7e

SHA256
64f23e4815a1fd3a3e0afa73e77d32d91b441af6048f5d891c6c2397d22c489c

SHA512
68819448bc8ceeb9897cd6686995b56e0627420a04d3dd582116e38612dc6513d60219b98808089113f04790fa850f7f7806deeca9e964df0fa03e22832bd4bd

Download Submit
\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
\Users\Admin\AppData\Local\Temp\587D\setup.exe
Filesize
28KB

MD5
05ebb5ef9d4e31fb408647b386d9a305

SHA1
13fb51e2a5ed00d8e9dc35359495a58e1907edfe

SHA256
b57d6d21d87cd5b97b38ea8fc42ff141212f25ce53ecc1dc00c44dde00e70593

SHA512
7998970ad3c5ee8c57582a81960e361356d22966e5290d7e719b725e72763e0f6190a2bf31f9461d346086c6c3097fc1b595df227fbe697795b9ba2777f13dea

Download Submit
memory/936-58-0x0000000000000000-mapping.dmp

Download
memory/1668-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1668-56-0x0000000000D50000-0x0000000000FC0000-memory.dmp

Filesize
2.4MB

Download
memory/1668-55-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/1668-70-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download