5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351

Analysis

max time kernel
53s
max time network
75s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
29/12/2022, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe
Size

1.6MB
MD5

fc6b519d999a1794a9f03e20f826c63c
SHA1

e594b88bd0cec22bdfb04124b93dac32947018e7
SHA256

5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351
SHA512

ce714137bcd934b8e53f1fad53d0c4d631f41e36ccc77496044060375bf9e19d430371128e8168851db7aa9489e073bc59af79f4ca8b4db8b8e46265a337715e
SSDEEP

49152:I/oSAlZ+8My3cHeuCF+HvF3rhKrQD89ecxv:I/ojROHeuCFgF7YED89/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4940	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 4940	2708	5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe	66
PID 2708 wrote to memory of 4940	2708	5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe	66
PID 2708 wrote to memory of 4940	2708	5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe	66

C:\Users\Admin\AppData\Local\Temp\5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe
"C:\Users\Admin\AppData\Local\Temp\5f753019678981d6ec366ff58eb0b31217c1bc4c3495c1165209d0ee89b47351.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /y .\tkXu4Aa.n
  2⤵
  - Loads dropped DLL
  PID:4940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tkXu4Aa.n

Filesize
1.5MB

MD5
b17c462e94412450fe2f51270042fc57

SHA1
31486090a022c7324eaecbce180b8ab83c0fa463

SHA256
f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

SHA512
23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

Download Submit
\Users\Admin\AppData\Local\Temp\tkXu4Aa.n

Filesize
1.5MB

MD5
b17c462e94412450fe2f51270042fc57

SHA1
31486090a022c7324eaecbce180b8ab83c0fa463

SHA256
f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

SHA512
23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

Download Submit
memory/2708-115-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-116-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-117-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-118-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-120-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-121-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-123-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-124-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-125-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-126-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-127-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-128-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-129-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-130-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-131-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-132-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-133-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-134-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-135-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-136-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-137-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-138-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-139-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-140-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-141-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-142-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-144-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-145-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-146-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-143-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-147-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-148-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-149-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-150-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-151-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-152-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-153-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-154-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-155-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-156-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-157-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-158-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-159-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-160-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-161-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-162-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-163-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-164-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-166-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-167-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-168-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-169-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-165-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-170-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-171-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-172-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-173-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-174-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-175-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-176-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-177-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-178-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-179-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/2708-180-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/4940-230-0x0000000004BF0000-0x0000000004D75000-memory.dmp

Filesize
1.5MB

Download
memory/4940-231-0x0000000072780000-0x000000007290C000-memory.dmp

Filesize
1.5MB

Download