198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d

Analysis

max time kernel
144s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
29-12-2022 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe
Size

1.6MB
MD5

202f917224534a77a32b3e2c15e60804
SHA1

fe8a86d76a34f8d5a8091e9b187e9e4c26e0245c
SHA256

198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d
SHA512

35ed3fdbf67ee86b2e2e2703fff7c2c9c1d9f32ad15f3d16548aa8a5eefddc4be9b57f9f08b1a9c290684a317116613d94d63bbd2503f96b94e1c32a277ab07e
SSDEEP

49152:zun+lZ+8My3cHeuCF+HvF3rhKrQD89ecxb:zKqROHeuCFgF7YED89r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4604	rundll32.exe
3768	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1356	3500	198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe	66
PID 3500 wrote to memory of 1356	3500	198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe	66
PID 3500 wrote to memory of 1356	3500	198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe	66
PID 1356 wrote to memory of 4604	1356	control.exe	67
PID 1356 wrote to memory of 4604	1356	control.exe	67
PID 1356 wrote to memory of 4604	1356	control.exe	67
PID 4604 wrote to memory of 5116	4604	rundll32.exe	68
PID 4604 wrote to memory of 5116	4604	rundll32.exe	68
PID 5116 wrote to memory of 3768	5116	RunDll32.exe	69
PID 5116 wrote to memory of 3768	5116	RunDll32.exe	69
PID 5116 wrote to memory of 3768	5116	RunDll32.exe	69

C:\Users\Admin\AppData\Local\Temp\198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe
"C:\Users\Admin\AppData\Local\Temp\198a5cd3443c764b0fd3a665ea25263846606f69740edcc6e7dca568a1321e1d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" .\C13vreYh.c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\C13vreYh.c
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4604
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\C13vreYh.c
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5116
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\C13vreYh.c
        5⤵
        Loads dropped DLL
        
        PID:3768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\C13vreYh.c

Filesize
1.5MB

MD5
b17c462e94412450fe2f51270042fc57

SHA1
31486090a022c7324eaecbce180b8ab83c0fa463

SHA256
f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

SHA512
23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

Download Submit
\Users\Admin\AppData\Local\Temp\C13vreyh.c

Filesize
1.5MB

MD5
b17c462e94412450fe2f51270042fc57

SHA1
31486090a022c7324eaecbce180b8ab83c0fa463

SHA256
f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

SHA512
23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

Download Submit
\Users\Admin\AppData\Local\Temp\C13vreyh.c

Filesize
1.5MB

MD5
b17c462e94412450fe2f51270042fc57

SHA1
31486090a022c7324eaecbce180b8ab83c0fa463

SHA256
f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

SHA512
23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

Download Submit
memory/1356-186-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/1356-185-0x0000000000000000-mapping.dmp

Download
memory/3500-155-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-133-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-123-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-125-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-126-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-160-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-128-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-130-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-132-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-162-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-135-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-134-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-131-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-137-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-138-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-139-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-140-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-141-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-136-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-142-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-143-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-144-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-146-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-145-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-147-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-149-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-150-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-148-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-153-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-152-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-154-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-121-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-151-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-156-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-120-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-129-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-122-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-163-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-161-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-159-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-157-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-165-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-166-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-164-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-167-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-168-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-169-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-170-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-171-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-174-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-173-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-172-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-175-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-176-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-178-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-179-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-180-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-177-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-181-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-184-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-183-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-182-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-158-0x00000000778E0000-0x0000000077A6E000-memory.dmp

Filesize
1.6MB

Download
memory/3768-284-0x0000000000000000-mapping.dmp

Download
memory/3768-329-0x0000000004970000-0x0000000004AF5000-memory.dmp

Filesize
1.5MB

Download
memory/4604-229-0x0000000000000000-mapping.dmp

Download
memory/4604-275-0x0000000004BD0000-0x0000000004D55000-memory.dmp

Filesize
1.5MB

Download
memory/4604-276-0x0000000072590000-0x000000007271C000-memory.dmp

Filesize
1.5MB

Download
memory/5116-283-0x0000000000000000-mapping.dmp

Download