d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56

Analysis

max time kernel
150s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
Size

54KB
MD5

b047aa40129dc10333cf02d9935db56b
SHA1

eaefbe8544b5606bb68dd46f328d806563f0461e
SHA256

d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56
SHA512

239686a964b2f4ee5c6ca6b533cca9aa0a00e34baf22f47a4b03a441293a16b34af24756cc9cb30fe0c2346f7930445c1525ae38647f57f43367fc149b2f6b37
SSDEEP

384:aIQwN/ZxDnD90Ypw76YLC9rFA7DiJMkiAnt9+iI/l7Lum:bjN/3Oj7FC9rFK2Aot9+io9um

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	smcoc.exe

Loads dropped DLL 2 IoCs

pid	Process
1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1108	1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe	28
PID 1972 wrote to memory of 1108	1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe	28
PID 1972 wrote to memory of 1108	1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe	28
PID 1972 wrote to memory of 1108	1972	d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe	28

C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
"C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\smcoc.exe
  "C:\Users\Admin\AppData\Local\Temp\smcoc.exe"
  2⤵
  - Executes dropped EXE
  PID:1108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\smcoc.exe

Filesize
55KB

MD5
cab6f1db32d87368900983f0f44c00f7

SHA1
61261d80470ae2bd25693d5994ca90d54ac2de0f

SHA256
955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

SHA512
6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\smcoc.exe

Filesize
55KB

MD5
cab6f1db32d87368900983f0f44c00f7

SHA1
61261d80470ae2bd25693d5994ca90d54ac2de0f

SHA256
955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

SHA512
6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

Download Submit
\Users\Admin\AppData\Local\Temp\smcoc.exe

Filesize
55KB

MD5
cab6f1db32d87368900983f0f44c00f7

SHA1
61261d80470ae2bd25693d5994ca90d54ac2de0f

SHA256
955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

SHA512
6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

Download Submit
\Users\Admin\AppData\Local\Temp\smcoc.exe

Filesize
55KB

MD5
cab6f1db32d87368900983f0f44c00f7

SHA1
61261d80470ae2bd25693d5994ca90d54ac2de0f

SHA256
955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

SHA512
6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

Download Submit
memory/1108-62-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1972-54-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1972-59-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download