e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5

Analysis

max time kernel
56s
max time network
80s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
21/12/2022, 23:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe
Size

1.8MB
MD5

8cf133d6df3d629a0035129dede4f2f9
SHA1

3e15c8636a7ab72f3115125005611f592d6f49a7
SHA256

e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5
SHA512

bef0888766f9570f05b063bcd14c201a6ca26649bdd4f608dd3264b4699b7898576fe694a7aae59c2881991c2a2059bcd9f64ba29204ed6d526bae723dabb865
SSDEEP

49152:A6Panh2qmsLBn2kzRNq3C463oPiEXqq180lKSqWTQ:fawqkmqyMXDPllqKQ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1500	rundll32.exe
4828	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 3796	2676	e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe	66
PID 2676 wrote to memory of 3796	2676	e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe	66
PID 2676 wrote to memory of 3796	2676	e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe	66
PID 3796 wrote to memory of 1500	3796	control.exe	68
PID 3796 wrote to memory of 1500	3796	control.exe	68
PID 3796 wrote to memory of 1500	3796	control.exe	68
PID 1500 wrote to memory of 4548	1500	rundll32.exe	69
PID 1500 wrote to memory of 4548	1500	rundll32.exe	69
PID 4548 wrote to memory of 4828	4548	RunDll32.exe	70
PID 4548 wrote to memory of 4828	4548	RunDll32.exe	70
PID 4548 wrote to memory of 4828	4548	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe
"C:\Users\Admin\AppData\Local\Temp\e460a17a222fe276e312b93913755790bd2e1b1831bfa06fa03dcede01da86f5.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\jOoK.cpl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3796
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\jOoK.cpl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1500
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\jOoK.cpl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4548
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\jOoK.cpl",
        5⤵
        Loads dropped DLL
        
        PID:4828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jOoK.cpl

Filesize
2.0MB

MD5
7bac5631012c3dc75e1535b2a838b5d2

SHA1
222f70fca793d27183a49c49d8c22526902fce2b

SHA256
c2b6951558cce05f7f359d347897cbb38aa870bd0d7cc849705235090fad60a7

SHA512
a5a6b29fd28f733a973db0338819cc3c0ac6d5c521c300ced095929e2ad0927a5062f95da3b599666928915124da1999014dd50fcd108dbca2e08b2105ef87d3

Download Submit
\Users\Admin\AppData\Local\Temp\jooK.cpl

Filesize
2.0MB

MD5
7bac5631012c3dc75e1535b2a838b5d2

SHA1
222f70fca793d27183a49c49d8c22526902fce2b

SHA256
c2b6951558cce05f7f359d347897cbb38aa870bd0d7cc849705235090fad60a7

SHA512
a5a6b29fd28f733a973db0338819cc3c0ac6d5c521c300ced095929e2ad0927a5062f95da3b599666928915124da1999014dd50fcd108dbca2e08b2105ef87d3

Download Submit
\Users\Admin\AppData\Local\Temp\jooK.cpl

Filesize
2.0MB

MD5
7bac5631012c3dc75e1535b2a838b5d2

SHA1
222f70fca793d27183a49c49d8c22526902fce2b

SHA256
c2b6951558cce05f7f359d347897cbb38aa870bd0d7cc849705235090fad60a7

SHA512
a5a6b29fd28f733a973db0338819cc3c0ac6d5c521c300ced095929e2ad0927a5062f95da3b599666928915124da1999014dd50fcd108dbca2e08b2105ef87d3

Download Submit
memory/1500-273-0x0000000005150000-0x0000000005342000-memory.dmp

Filesize
1.9MB

Download
memory/1500-274-0x0000000071D50000-0x0000000071F4E000-memory.dmp

Filesize
2.0MB

Download
memory/1500-332-0x0000000005150000-0x0000000005342000-memory.dmp

Filesize
1.9MB

Download
memory/1500-331-0x0000000071D50000-0x0000000071F4E000-memory.dmp

Filesize
2.0MB

Download
memory/2676-150-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-155-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-121-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-123-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-124-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-125-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-126-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-127-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-128-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-129-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-130-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-131-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-132-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-133-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-134-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-135-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-136-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-137-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-138-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-139-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-140-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-141-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-142-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-143-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-144-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-145-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-146-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-148-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-147-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-149-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-118-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-151-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-152-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-156-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-120-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-154-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-153-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-157-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-158-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-159-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-160-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-161-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-162-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-163-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-164-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-166-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-167-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-165-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-168-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-169-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-170-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-171-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-172-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-173-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-174-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-175-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-176-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-177-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-178-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-179-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-180-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-115-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-116-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/2676-117-0x0000000076EA0000-0x000000007702E000-memory.dmp

Filesize
1.6MB

Download
memory/4828-333-0x00000000045E0000-0x00000000047D2000-memory.dmp

Filesize
1.9MB

Download
memory/4828-342-0x00000000045E0000-0x00000000047D2000-memory.dmp

Filesize
1.9MB

Download