271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f

Analysis

max time kernel
65s
max time network
69s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/12/2022, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe
Size

1.7MB
MD5

e6e33f5a4505a189fb5873ee9edb719f
SHA1

318fdf4c13981fbbf87a4d1f3eeadf1cef8f1bbb
SHA256

271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f
SHA512

fba1f864120af6bee2ac78d32df08f36b4db94ac3e44859bed6fa35deb846f83b7b8c9a469d215bf6a86a553abfa07c9642ef4cd93fa0896a202c513b84a5630
SSDEEP

49152:VJ4oSJrYpv5LqV0E6LaXQttdR8c2ZN956R:VJ4eVqV0rwktCN956R

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2880	rundll32.exe
2880	rundll32.exe
5004	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 4720	2448	271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe	66
PID 2448 wrote to memory of 4720	2448	271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe	66
PID 2448 wrote to memory of 4720	2448	271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe	66
PID 4720 wrote to memory of 2880	4720	control.exe	67
PID 4720 wrote to memory of 2880	4720	control.exe	67
PID 4720 wrote to memory of 2880	4720	control.exe	67
PID 2880 wrote to memory of 4844	2880	rundll32.exe	68
PID 2880 wrote to memory of 4844	2880	rundll32.exe	68
PID 4844 wrote to memory of 5004	4844	RunDll32.exe	69
PID 4844 wrote to memory of 5004	4844	RunDll32.exe	69
PID 4844 wrote to memory of 5004	4844	RunDll32.exe	69

C:\Users\Admin\AppData\Local\Temp\271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe
"C:\Users\Admin\AppData\Local\Temp\271ef5958de8bdbf6d300b9a95512a9079212ab14406c2feb7a4a00f0517ed6f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" .\Y1C7.3TW
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\Y1C7.3TW
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\Y1C7.3TW
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\Y1C7.3TW
        5⤵
        Loads dropped DLL
        
        PID:5004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Y1C7.3TW

Filesize
1.6MB

MD5
4d522a0946e8606db4d0b787827a0f38

SHA1
6d77e4382d3bd5cbdb671ace87db3975a84691ae

SHA256
984072d8020bb3670545ba91f19bd3ac856601570d88edeb5aaf67fa58d953b3

SHA512
3d9888c05690015ab22dbc7d7586295882c9f379662175ecba8c0ed26168b45cff3af80d37102a5b1596a0588b2ad4fa52a04453d75d4be4485a7c2e0eb65efb

Download Submit
\Users\Admin\AppData\Local\Temp\Y1C7.3TW

Filesize
1.6MB

MD5
4d522a0946e8606db4d0b787827a0f38

SHA1
6d77e4382d3bd5cbdb671ace87db3975a84691ae

SHA256
984072d8020bb3670545ba91f19bd3ac856601570d88edeb5aaf67fa58d953b3

SHA512
3d9888c05690015ab22dbc7d7586295882c9f379662175ecba8c0ed26168b45cff3af80d37102a5b1596a0588b2ad4fa52a04453d75d4be4485a7c2e0eb65efb

Download Submit
\Users\Admin\AppData\Local\Temp\Y1C7.3TW

Filesize
1.6MB

MD5
4d522a0946e8606db4d0b787827a0f38

SHA1
6d77e4382d3bd5cbdb671ace87db3975a84691ae

SHA256
984072d8020bb3670545ba91f19bd3ac856601570d88edeb5aaf67fa58d953b3

SHA512
3d9888c05690015ab22dbc7d7586295882c9f379662175ecba8c0ed26168b45cff3af80d37102a5b1596a0588b2ad4fa52a04453d75d4be4485a7c2e0eb65efb

Download Submit
\Users\Admin\AppData\Local\Temp\Y1C7.3TW

Filesize
1.6MB

MD5
4d522a0946e8606db4d0b787827a0f38

SHA1
6d77e4382d3bd5cbdb671ace87db3975a84691ae

SHA256
984072d8020bb3670545ba91f19bd3ac856601570d88edeb5aaf67fa58d953b3

SHA512
3d9888c05690015ab22dbc7d7586295882c9f379662175ecba8c0ed26168b45cff3af80d37102a5b1596a0588b2ad4fa52a04453d75d4be4485a7c2e0eb65efb

Download Submit
memory/2448-156-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-171-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-121-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-120-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-123-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-124-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-126-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-127-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-128-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-129-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-159-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-131-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-132-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-133-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-134-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-135-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-136-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-137-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-138-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-139-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-141-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-142-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-140-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-144-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-145-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-147-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-148-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-149-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-150-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-151-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-152-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-153-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-154-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-155-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-162-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-158-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-130-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-119-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-118-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-164-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-165-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-166-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-167-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-168-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-169-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-170-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-161-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-172-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-163-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-160-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-157-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-146-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-143-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-173-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-174-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-175-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-176-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-177-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-178-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-179-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-180-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-181-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2448-182-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/2880-278-0x0000000004AF0000-0x0000000004C21000-memory.dmp

Filesize
1.2MB

Download
memory/2880-279-0x0000000004D60000-0x0000000004E91000-memory.dmp

Filesize
1.2MB

Download
memory/2880-349-0x0000000004D60000-0x0000000004E91000-memory.dmp

Filesize
1.2MB

Download
memory/4720-184-0x0000000077830000-0x00000000779BE000-memory.dmp

Filesize
1.6MB

Download
memory/5004-337-0x0000000004D10000-0x0000000004E41000-memory.dmp

Filesize
1.2MB

Download
memory/5004-338-0x0000000004F80000-0x00000000050B1000-memory.dmp

Filesize
1.2MB

Download
memory/5004-347-0x0000000004F80000-0x00000000050B1000-memory.dmp

Filesize
1.2MB

Download