92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85

Analysis

max time kernel
269s
max time network
342s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe
Size

508KB
MD5

a8afc13b00c336114156453e11efbad7
SHA1

b40287154894e9543e3423faa78f4d324a9ce3bb
SHA256

92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85
SHA512

84e65574389e33654efae2d77cc98888fe27b1e5586a9fc42afb09098b1b25057081a1054322c028f2bc1731bef6e5fbbeee8f13a86cfb346c08c19cf09527d0
SSDEEP

6144:zAffEg+7irp6u7BDMnP5LhhFxZJWnZ8j7wJkcuGzG8:kXR+irMu79ERLhhFVWnS7TcvG8

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4244	240763718.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4244	1840	92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe	82
PID 1840 wrote to memory of 4244	1840	92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe	82
PID 1840 wrote to memory of 4244	1840	92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe	82

C:\Users\Admin\AppData\Local\Temp\92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe
"C:\Users\Admin\AppData\Local\Temp\92c6df609046a60222cf050ad982a778923f809d5016c5f0cd09c565025d7c85.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Users\Admin\AppData\Local\Temp\240763718.tmp
  C:\Users\Admin\AppData\Local\Temp\240763718.tmp
  2⤵
  - Executes dropped EXE
  PID:4244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\240763718.tmp

Filesize
74.3MB

MD5
4cebbcb292215a2104d7846c32d5a3dc

SHA1
650215efe86e97834da73580d770d4edbee594bd

SHA256
17866b7f400b0b1fc2e24c33a7ebcd6abf4097d1d720fcf82cedcda290613bcb

SHA512
74aadb7ba242fe95279678e36cb7911ffdda9e22e15e6366b1193ba2307b085b8fdaa960e81562ad493942f127b586de2fa75f96a26730b8b1e657e24985b08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\240763718.tmp

Filesize
74.3MB

MD5
4cebbcb292215a2104d7846c32d5a3dc

SHA1
650215efe86e97834da73580d770d4edbee594bd

SHA256
17866b7f400b0b1fc2e24c33a7ebcd6abf4097d1d720fcf82cedcda290613bcb

SHA512
74aadb7ba242fe95279678e36cb7911ffdda9e22e15e6366b1193ba2307b085b8fdaa960e81562ad493942f127b586de2fa75f96a26730b8b1e657e24985b08b

Download Submit
memory/4244-132-0x0000000000000000-mapping.dmp

Download