9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29

Analysis

max time kernel
190s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 08:56 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe
Size

1.1MB
MD5

b914f8bdc2b0bbe6efa71fc9aa60db93
SHA1

d9f0a02b223c26970236eeae30e9b7b68e62e983
SHA256

9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29
SHA512

20ded7e2be4fbb1bafad13355dccfbb90e9cbe348a947ca598d60c86b792e42eb645c41b3c867d8ffe5c825f79edb8d52fa396623a7eb0bd26671597e82cba46
SSDEEP

24576:wS8+1aKtJzaxNniJ7VsVdU1uOBDZkzaxNniJ7VsVdU1uOBDZEtp:wn+19JmlisodRZkmlisodRZKp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1148	9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe
1148	9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe
1148	9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe
"C:\Users\Admin\AppData\Local\Temp\9c01770906ca923ecf7006f5042d4ec3d84853dc03dc52b1c59a028377007b29.exe"
1⤵
- Loads dropped DLL
PID:1148

Network

No results found

52.182.143.208:443

322 B
7
87.248.202.1:80

322 B
7
87.248.202.1:80

322 B
7
87.248.202.1:80

322 B
7
8.253.208.113:80

46 B
40 B
1
1

No results found

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
3cac0fba8f075595e71b9cea58dcc3ce

SHA1
b16da71b1bf35371b60288dce60a7f42902d2884

SHA256
2695ee687d5aebaa9bff6016ef774e339da7743c61da0febc119a072693df121

SHA512
f81697f90ccadb6fd1633a3e0db963db9544b008b7978d7420145ae9324a8ad5d3b8ca40d484356b44ad8e01338acce69c4a6bf1cdff674d29cc13d965569caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
8168fef43575749aaea1bbdd03babe2b

SHA1
9b5dd4f9e3572b251a494b578f478c3f5cf3e234

SHA256
8faec1f1e85d89676ec7f07b58219930f3dddd828bb08b2dea94edf6082aab00

SHA512
6d67eca291bc96ef1451b42f4ff14b1d24ba84373f03f530736c1108fa26a425ea88dfe4fafceffb89e54c44b2206896d02ceb2fa170666ebbfae6400788c739

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
8168fef43575749aaea1bbdd03babe2b

SHA1
9b5dd4f9e3572b251a494b578f478c3f5cf3e234

SHA256
8faec1f1e85d89676ec7f07b58219930f3dddd828bb08b2dea94edf6082aab00

SHA512
6d67eca291bc96ef1451b42f4ff14b1d24ba84373f03f530736c1108fa26a425ea88dfe4fafceffb89e54c44b2206896d02ceb2fa170666ebbfae6400788c739

Download Submit