df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a

Analysis

max time kernel
52s
max time network
59s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
22/12/2022, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe
Size

1.7MB
MD5

7b54bc5df84a9ee2aacca86fd256d93a
SHA1

762bf9fac85ec65698649fc23bbb7963de45e5fb
SHA256

df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a
SHA512

df7c98d3f45ca9944d883c0e64d9df81b5c9307d58371b80284d7eb213476b6f2751be1762b635c01fe148c40f822c39e1090004e7af9df22303c85e4a1a69f3
SSDEEP

49152:A6PaKopZo4tKjccXBg8e4VmSm13A2a7Fl:fa3wjrBsumSm1Q33

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4920	rundll32.exe
4136	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2020	2496	df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe	66
PID 2496 wrote to memory of 2020	2496	df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe	66
PID 2496 wrote to memory of 2020	2496	df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe	66
PID 2020 wrote to memory of 4920	2020	control.exe	68
PID 2020 wrote to memory of 4920	2020	control.exe	68
PID 2020 wrote to memory of 4920	2020	control.exe	68
PID 4920 wrote to memory of 3988	4920	rundll32.exe	69
PID 4920 wrote to memory of 3988	4920	rundll32.exe	69
PID 3988 wrote to memory of 4136	3988	RunDll32.exe	70
PID 3988 wrote to memory of 4136	3988	RunDll32.exe	70
PID 3988 wrote to memory of 4136	3988	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe
"C:\Users\Admin\AppData\Local\Temp\df151f27d1fce8bff993bc43bf0d004179c54137ca59b599130f01f2a5df6d2a.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\BlDt.CPL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\BlDt.CPL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\BlDt.CPL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3988
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\BlDt.CPL",
        5⤵
        Loads dropped DLL
        
        PID:4136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BlDt.CPL

Filesize
1.8MB

MD5
2055e11034e9fd135076b6fa5ea713b6

SHA1
3ab5392d57a17b43216fc543d71e907ebd906377

SHA256
40e61eef67fc90b4730552d45cfd0d4629eaeefb9f55262f5f7fe27bcbaae6d6

SHA512
9f267b7559738b09cd7e698d93aa0bb6ff5733d0b9f0357d8ec799c9ee424c12eb906d66fa021992fadb887cbdcd2e3159ebe14c0b30fc08a21255abc885668d

Download Submit
\Users\Admin\AppData\Local\Temp\BlDt.cpl

Filesize
1.8MB

MD5
2055e11034e9fd135076b6fa5ea713b6

SHA1
3ab5392d57a17b43216fc543d71e907ebd906377

SHA256
40e61eef67fc90b4730552d45cfd0d4629eaeefb9f55262f5f7fe27bcbaae6d6

SHA512
9f267b7559738b09cd7e698d93aa0bb6ff5733d0b9f0357d8ec799c9ee424c12eb906d66fa021992fadb887cbdcd2e3159ebe14c0b30fc08a21255abc885668d

Download Submit
\Users\Admin\AppData\Local\Temp\BlDt.cpl

Filesize
1.8MB

MD5
2055e11034e9fd135076b6fa5ea713b6

SHA1
3ab5392d57a17b43216fc543d71e907ebd906377

SHA256
40e61eef67fc90b4730552d45cfd0d4629eaeefb9f55262f5f7fe27bcbaae6d6

SHA512
9f267b7559738b09cd7e698d93aa0bb6ff5733d0b9f0357d8ec799c9ee424c12eb906d66fa021992fadb887cbdcd2e3159ebe14c0b30fc08a21255abc885668d

Download Submit
memory/2496-154-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-157-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-120-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-122-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-123-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-125-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-126-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-127-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-128-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-158-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-130-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-132-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-131-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-133-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-134-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-135-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-136-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-137-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-138-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-139-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-140-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-141-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-142-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-143-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-144-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-145-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-146-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-147-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-148-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-149-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-150-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-151-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-152-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-153-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-118-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-155-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-119-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-156-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-129-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-159-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-160-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-161-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-162-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-163-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-164-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-165-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-166-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-167-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-170-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-171-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-169-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-168-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-172-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-173-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-174-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-175-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-176-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-177-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-178-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-179-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-180-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-181-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-182-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/2496-117-0x0000000077580000-0x000000007770E000-memory.dmp

Filesize
1.6MB

Download
memory/4136-334-0x0000000004D10000-0x0000000004EDD000-memory.dmp

Filesize
1.8MB

Download
memory/4136-343-0x0000000004D10000-0x0000000004EDD000-memory.dmp

Filesize
1.8MB

Download
memory/4920-275-0x0000000004BB0000-0x0000000004D7D000-memory.dmp

Filesize
1.8MB

Download
memory/4920-276-0x0000000072450000-0x0000000072627000-memory.dmp

Filesize
1.8MB

Download
memory/4920-320-0x0000000072450000-0x0000000072627000-memory.dmp

Filesize
1.8MB

Download
memory/4920-344-0x0000000004BB0000-0x0000000004D7D000-memory.dmp

Filesize
1.8MB

Download