c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707

Analysis

max time kernel
150s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe
Size

45KB
MD5

5af6a50976371dbe917ea69a5357ae70
SHA1

c09556fa8e140c822341f519d4cdf9de602b3c60
SHA256

c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707
SHA512

88e1081f82d2955d5a22344a911e462d18a251b2f397240c3e818d69feeebe512a7d1336ba33c8bcd9c0c15e98a0b6d7d3f4579149ecf2deb92c4e2b67e73959
SSDEEP

768:bEy8rEkpo8i8K3UG98ik6KkuiSE32kVBp2YH4B:nwEuOk6ZuI32kVBpf4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	rundll32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
520	AcroRd32.exe
520	AcroRd32.exe
520	AcroRd32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1600 wrote to memory of 1820	1600	c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe	27
PID 1820 wrote to memory of 520	1820	rundll32.exe	28
PID 1820 wrote to memory of 520	1820	rundll32.exe	28
PID 1820 wrote to memory of 520	1820	rundll32.exe	28
PID 1820 wrote to memory of 520	1820	rundll32.exe	28

C:\Users\Admin\AppData\Local\Temp\c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe
"C:\Users\Admin\AppData\Local\Temp\c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\File system
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1820
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\File system"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\File system

Filesize
45KB

MD5
5af6a50976371dbe917ea69a5357ae70

SHA1
c09556fa8e140c822341f519d4cdf9de602b3c60

SHA256
c2a12b86f7a9b80ffa871f3ae2dec57c0e0eeac01c3dde426a3386786c8a0707

SHA512
88e1081f82d2955d5a22344a911e462d18a251b2f397240c3e818d69feeebe512a7d1336ba33c8bcd9c0c15e98a0b6d7d3f4579149ecf2deb92c4e2b67e73959

Download Submit
memory/1600-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1600-57-0x0000000074440000-0x00000000749EB000-memory.dmp

Filesize
5.7MB

Download