a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743

Analysis

max time kernel
52s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe
Size

365KB
MD5

ee7d906ce2100fd7f0c7be70413b5494
SHA1

4f83ad1732f59f733d07d56b614963e0d38bed39
SHA256

a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743
SHA512

18ca5e7300ce177c86100aebcb64c858dbcc8c67c785823a28f66adcfd6549672529373a307e5effaa2be5102fd43a1061465a4d6d17a2c54bfc769e9cb90f1a
SSDEEP

6144:2Si07irC2F8NXC796TB9vj48UlL2XrzDcaTul3wMJInem5olCxjW:VDiZeVQkTrvj4sXrzDql16nBolX

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
568	Smart.exe
1980	Smart.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 568 set thread context of 1980	568	Smart.exe	29

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	568	Smart.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 568	960	a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe	28
PID 960 wrote to memory of 568	960	a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe	28
PID 960 wrote to memory of 568	960	a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe	28
PID 960 wrote to memory of 568	960	a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe	28
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29
PID 568 wrote to memory of 1980	568	Smart.exe	29

C:\Users\Admin\AppData\Local\Temp\a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe
"C:\Users\Admin\AppData\Local\Temp\a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe
  "C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:568
- - C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe
    C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe
    3⤵
    - Executes dropped EXE
    PID:1980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe

Filesize
291KB

MD5
0298764dad6845747cbe2978a3f14acb

SHA1
316f4f843f2b316f194232818e892e771621a661

SHA256
83eb699d6d16558d49d985fc40aa62b5c8f71d34673f09250784dc6248093a82

SHA512
7f3295f6b1e395719c0a9e9c78f151c6277eeea0f302e999d0ea097aefa36339af6c7b4b6143ae6b3bf83bc2188449937674bc8f6bcf583e27d204079ee7e72e

Download Submit
C:\Users\Admin\AppData\Roaming\Smart-Services\Smart.exe

Filesize
291KB

MD5
0298764dad6845747cbe2978a3f14acb

SHA1
316f4f843f2b316f194232818e892e771621a661

SHA256
83eb699d6d16558d49d985fc40aa62b5c8f71d34673f09250784dc6248093a82

SHA512
7f3295f6b1e395719c0a9e9c78f151c6277eeea0f302e999d0ea097aefa36339af6c7b4b6143ae6b3bf83bc2188449937674bc8f6bcf583e27d204079ee7e72e

Download Submit
memory/568-92-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-97-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-63-0x0000000074770000-0x0000000074D1B000-memory.dmp

Filesize
5.7MB

Download
memory/568-64-0x0000000074770000-0x0000000074D1B000-memory.dmp

Filesize
5.7MB

Download
memory/568-58-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-70-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-71-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-69-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-68-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-67-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-65-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-73-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-74-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-75-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-72-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-77-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-78-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-79-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-76-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-81-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-82-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-83-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-80-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-85-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-86-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-84-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-87-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-88-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-89-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-91-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-90-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-93-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-66-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-62-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/568-117-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-94-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-98-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-96-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-100-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-99-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-102-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-103-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-104-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-101-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-106-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-105-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-108-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-109-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-107-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-111-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-110-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-113-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-112-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-115-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-116-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-114-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-118-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-95-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-120-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-119-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-121-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-122-0x0000000000230000-0x0000000000268000-memory.dmp

Filesize
224KB

Download
memory/568-140-0x0000000074770000-0x0000000074D1B000-memory.dmp

Filesize
5.7MB

Download
memory/960-55-0x000007FEF2910000-0x000007FEF39A6000-memory.dmp

Filesize
16.6MB

Download
memory/960-61-0x0000000001F26000-0x0000000001F45000-memory.dmp

Filesize
124KB

Download
memory/960-54-0x000007FEF39B0000-0x000007FEF43D3000-memory.dmp

Filesize
10.1MB

Download