220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c

Analysis

max time kernel
99s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 12:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe
Size

9.9MB
MD5

e087256127583df071c59d35e46cdd3e
SHA1

67077e8a993ae502a0c972210cd4524893fb9b88
SHA256

220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c
SHA512

c03455172f76573a917767dbeb81881d6895fb598bdb414e8834ce4c10b5e28cedec911301ad0c3f1de484f5d88a45cca8ccb9250f14df9dc496731a8121a1ae
SSDEEP

196608:cIWMROFa13hQcPLLyrndvfKCcdGJnJ4cWq9mKD:CyOFIhxvQnRfKXG5UI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1452	220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe
1452	220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe
1452	220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1452	220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe

C:\Users\Admin\AppData\Local\Temp\220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe
"C:\Users\Admin\AppData\Local\Temp\220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso792.tmp\Codejock.cjstyles

Filesize
1.3MB

MD5
6daada4b8d7ae20896d601d189880601

SHA1
7ce6e2cf2f8d21a2241feafe704c42e78527c6ae

SHA256
9bc80ce244a42af3e4c539bd131e71dc97cf258b90667e538b4fd08ff98665c5

SHA512
3e23ecfe48d23976230c6e83b0b0f894ad25d9f150811b2487f9a88e0a234e947842303e0d577da016ad285442f58b970736f5bc4779c8d61aa482934a455704

Download Submit
\Users\Admin\AppData\Local\Temp\nso792.tmp\ISSkinEx.dll

Filesize
379KB

MD5
a80a2c59aad01a5bd369d479f4f3cf3d

SHA1
c01b281cdaeba9f468c18185e6f01f78a0abf287

SHA256
282f40ed72cfc801ef88ab72a80c8824957aa554ece3b74842b48ecedfcf4755

SHA512
db67c30e07245e1e0ee5514faf35f6fdfd94a2884cdf82f7daba1eac571067448483b5564f758e273a57ae020941322c2174827ffef1915fc37a74f0fda2d39d

Download Submit
\Users\Admin\AppData\Local\Temp\nso792.tmp\System.dll

Filesize
16KB

MD5
cd9cc9fa5bf495f4e22a94836ae5c858

SHA1
7047c611d1ab61ec5617c75b4ea9364a51aaacd2

SHA256
185a185695b171cfe22a603cda9902cdb80455ad8655fb3d2e5ffb8a5599e7ef

SHA512
dcb435a8e1201c0ee82cd9f0c0c7792c4512ded10d8149fe4f7e13abe153a50da3fa388d7b3b3451875e47c05bc25cd9a12e0e83817b1954247d13fdd9db9067

Download Submit
memory/1452-54-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download
memory/1452-57-0x00000000756C0000-0x000000007575D000-memory.dmp

Filesize
628KB

Download
memory/1452-58-0x00000000757D0000-0x0000000075870000-memory.dmp

Filesize
640KB

Download
memory/1452-59-0x0000000076940000-0x000000007758A000-memory.dmp

Filesize
12.3MB

Download
memory/1452-60-0x0000000077590000-0x00000000775E7000-memory.dmp

Filesize
348KB

Download
memory/1452-61-0x0000000075FF0000-0x000000007614C000-memory.dmp

Filesize
1.4MB

Download
memory/1452-62-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

Filesize
572KB

Download
memory/1452-63-0x00000000762B0000-0x000000007644D000-memory.dmp

Filesize
1.6MB

Download
memory/1452-64-0x0000000074F40000-0x0000000075035000-memory.dmp

Filesize
980KB

Download
memory/1452-65-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1452-66-0x0000000074E20000-0x0000000074F3C000-memory.dmp

Filesize
1.1MB

Download
memory/1452-67-0x0000000074D90000-0x0000000074E1C000-memory.dmp

Filesize
560KB

Download
memory/1452-68-0x0000000074D50000-0x0000000074D82000-memory.dmp

Filesize
200KB

Download
memory/1452-70-0x00000000757D0000-0x0000000075870000-memory.dmp

Filesize
640KB

Download
memory/1452-69-0x0000000075780000-0x00000000757AA000-memory.dmp

Filesize
168KB

Download
memory/1452-72-0x0000000077590000-0x00000000775E7000-memory.dmp

Filesize
348KB

Download
memory/1452-71-0x0000000076940000-0x000000007758A000-memory.dmp

Filesize
12.3MB

Download
memory/1452-73-0x00000000752C0000-0x000000007545E000-memory.dmp

Filesize
1.6MB

Download
memory/1452-74-0x0000000075FF0000-0x000000007614C000-memory.dmp

Filesize
1.4MB

Download
memory/1452-75-0x00000000752B0000-0x00000000752B9000-memory.dmp

Filesize
36KB

Download
memory/1452-78-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

Filesize
572KB

Download
memory/1452-79-0x00000000762B0000-0x000000007644D000-memory.dmp

Filesize
1.6MB

Download
memory/1452-80-0x0000000077680000-0x0000000077703000-memory.dmp

Filesize
524KB

Download
memory/1452-81-0x0000000074F40000-0x0000000075035000-memory.dmp

Filesize
980KB

Download
memory/1452-82-0x00000000751C0000-0x000000007520C000-memory.dmp

Filesize
304KB

Download
memory/1452-83-0x0000000075160000-0x000000007518E000-memory.dmp

Filesize
184KB

Download
memory/1452-84-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1452-85-0x0000000074D50000-0x0000000074D82000-memory.dmp

Filesize
200KB

Download
memory/1452-86-0x0000000074CD0000-0x0000000074D09000-memory.dmp

Filesize
228KB

Download
memory/1452-87-0x0000000074C90000-0x0000000074CC6000-memory.dmp

Filesize
216KB

Download
memory/1452-88-0x00000000756C0000-0x000000007575D000-memory.dmp

Filesize
628KB

Download
memory/1452-89-0x00000000757D0000-0x0000000075870000-memory.dmp

Filesize
640KB

Download
memory/1452-90-0x0000000077590000-0x00000000775E7000-memory.dmp

Filesize
348KB

Download
memory/1452-91-0x00000000752C0000-0x000000007545E000-memory.dmp

Filesize
1.6MB

Download
memory/1452-93-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

Filesize
572KB

Download
memory/1452-94-0x00000000762B0000-0x000000007644D000-memory.dmp

Filesize
1.6MB

Download
memory/1452-95-0x0000000076280000-0x00000000762A7000-memory.dmp

Filesize
156KB

Download
memory/1452-96-0x0000000077680000-0x0000000077703000-memory.dmp

Filesize
524KB

Download
memory/1452-97-0x0000000074F40000-0x0000000075035000-memory.dmp

Filesize
980KB

Download
memory/1452-98-0x0000000075160000-0x000000007518E000-memory.dmp

Filesize
184KB

Download
memory/1452-99-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1452-100-0x0000000074D90000-0x0000000074E1C000-memory.dmp

Filesize
560KB

Download
memory/1452-103-0x00000000757D0000-0x0000000075870000-memory.dmp

Filesize
640KB

Download
memory/1452-102-0x0000000074CD0000-0x0000000074D09000-memory.dmp

Filesize
228KB

Download
memory/1452-104-0x0000000077590000-0x00000000775E7000-memory.dmp

Filesize
348KB

Download
memory/1452-108-0x00000000762B0000-0x000000007644D000-memory.dmp

Filesize
1.6MB

Download
memory/1452-105-0x00000000752C0000-0x000000007545E000-memory.dmp

Filesize
1.6MB

Download
memory/1452-101-0x0000000074D50000-0x0000000074D82000-memory.dmp

Filesize
200KB

Download
memory/1452-109-0x0000000077680000-0x0000000077703000-memory.dmp

Filesize
524KB

Download
memory/1452-106-0x00000000752B0000-0x00000000752B9000-memory.dmp

Filesize
36KB

Download
memory/1452-110-0x0000000074F40000-0x0000000075035000-memory.dmp

Filesize
980KB

Download
memory/1452-111-0x00000000751C0000-0x000000007520C000-memory.dmp

Filesize
304KB

Download
memory/1452-112-0x0000000075160000-0x000000007518E000-memory.dmp

Filesize
184KB

Download
memory/1452-114-0x0000000074D90000-0x0000000074E1C000-memory.dmp

Filesize
560KB

Download
memory/1452-116-0x0000000074CD0000-0x0000000074D09000-memory.dmp

Filesize
228KB

Download
memory/1452-118-0x00000000756C0000-0x000000007575D000-memory.dmp

Filesize
628KB

Download
memory/1452-119-0x00000000757D0000-0x0000000075870000-memory.dmp

Filesize
640KB

Download
memory/1452-121-0x00000000752C0000-0x000000007545E000-memory.dmp

Filesize
1.6MB

Download
memory/1452-120-0x0000000077590000-0x00000000775E7000-memory.dmp

Filesize
348KB

Download
memory/1452-122-0x00000000752B0000-0x00000000752B9000-memory.dmp

Filesize
36KB

Download
memory/1452-125-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

Filesize
572KB

Download
memory/1452-117-0x0000000074C90000-0x0000000074CC6000-memory.dmp

Filesize
216KB

Download
memory/1452-115-0x0000000074D50000-0x0000000074D82000-memory.dmp

Filesize
200KB

Download
memory/1452-113-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download