2aca3e65d0635b1d0c90de716f495c118a32d408e012f135f9845625382e5aa9

Analysis

max time kernel
34s
max time network
85s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 02:05

Target

2aca3e65d0635b1d0c90de716f495c118a32d408e012f135f9845625382e5aa9.dll
Size

52KB
MD5

948122d20511b0a8f01813028f35cf00
SHA1

9dfe671b6966fe01c92a64ac85c5f22a79de2c5e
SHA256

2aca3e65d0635b1d0c90de716f495c118a32d408e012f135f9845625382e5aa9
SHA512

ad245b03dd1d9fab02e4b4212d723cc364e1357c26ad0a584876450c735dcd86babcddcce4a37914cfc2d6e5e4cf2fc7f23bf963ee992b1fcb89eaf40a5ed75f
SSDEEP

768:xyO5cc6i3TJqHkwMzLV/ZdMIqTjG/82pR0QZhd+zPjKunTED4tWLwEcQ:xiri3EHk7h/ZdMMeQUzP5BG

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28
PID 1992 wrote to memory of 952	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aca3e65d0635b1d0c90de716f495c118a32d408e012f135f9845625382e5aa9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aca3e65d0635b1d0c90de716f495c118a32d408e012f135f9845625382e5aa9.dll,#1
  2⤵
  PID:952

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/952-54-0x0000000000000000-mapping.dmp

Download
memory/952-55-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/952-56-0x0000000074901000-0x0000000074903000-memory.dmp

Filesize
8KB

Download