d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2

Analysis

max time kernel
54s
max time network
74s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
03/01/2023, 05:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe
Size

1.3MB
MD5

046838c4e89d482abf959268926918b8
SHA1

e8cafb7db83d0cd8cd58eea7061a5e37f8c76269
SHA256

d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2
SHA512

99e7ddf7245862b3ee99e61a024d688eee9d3f2a2e330595a2d9030a4a16e7590ba2d1acc764dca427e5c78434011cd217cf5b0e6b291d81ecd24e194f4b685b
SSDEEP

24576:O208/RKHuEBguNrN7oBjZNxmEaTbJ6koH1A8TKtAQH2MM0/bfaiRvA5k:908/RYg+toBdNx2Yk0C8MAQHTraiRvAi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4956	rundll32.exe
3020	rundll32.exe
3020	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 4904	3528	d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe	66
PID 3528 wrote to memory of 4904	3528	d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe	66
PID 3528 wrote to memory of 4904	3528	d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe	66
PID 4904 wrote to memory of 4956	4904	control.exe	68
PID 4904 wrote to memory of 4956	4904	control.exe	68
PID 4904 wrote to memory of 4956	4904	control.exe	68
PID 4956 wrote to memory of 3380	4956	rundll32.exe	69
PID 4956 wrote to memory of 3380	4956	rundll32.exe	69
PID 3380 wrote to memory of 3020	3380	RunDll32.exe	70
PID 3380 wrote to memory of 3020	3380	RunDll32.exe	70
PID 3380 wrote to memory of 3020	3380	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe
"C:\Users\Admin\AppData\Local\Temp\d96b8916f26b39fe54691a9370835796a2282fc239378fd515056cf67a08e6b2.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\X87vu.cpl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\X87vu.cpl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4956
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\X87vu.cpl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3380
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\X87vu.cpl",
        5⤵
        Loads dropped DLL
        
        PID:3020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\X87vu.cpl

Filesize
1.4MB

MD5
97aa9f41f70d700d3a09c5758e0d4495

SHA1
b828da70a101d4ea5b61e27ff5be5d8ffc4c45bd

SHA256
c16048323f00fe1cf492e8f2758694c42a9027551c5b94673a473c4468e81a0b

SHA512
ea98ac90368785eb63516e0af38aa31b8e0555045b26b70a72108f9c07a6bef58bfd303da02e16b3aef3deca41901bb034d6cc1f341f25edf86b799a347ab84b

Download Submit
\Users\Admin\AppData\Local\Temp\X87vu.cpl

Filesize
1.4MB

MD5
97aa9f41f70d700d3a09c5758e0d4495

SHA1
b828da70a101d4ea5b61e27ff5be5d8ffc4c45bd

SHA256
c16048323f00fe1cf492e8f2758694c42a9027551c5b94673a473c4468e81a0b

SHA512
ea98ac90368785eb63516e0af38aa31b8e0555045b26b70a72108f9c07a6bef58bfd303da02e16b3aef3deca41901bb034d6cc1f341f25edf86b799a347ab84b

Download Submit
\Users\Admin\AppData\Local\Temp\X87vu.cpl

Filesize
1.4MB

MD5
97aa9f41f70d700d3a09c5758e0d4495

SHA1
b828da70a101d4ea5b61e27ff5be5d8ffc4c45bd

SHA256
c16048323f00fe1cf492e8f2758694c42a9027551c5b94673a473c4468e81a0b

SHA512
ea98ac90368785eb63516e0af38aa31b8e0555045b26b70a72108f9c07a6bef58bfd303da02e16b3aef3deca41901bb034d6cc1f341f25edf86b799a347ab84b

Download Submit
\Users\Admin\AppData\Local\Temp\X87vu.cpl

Filesize
1.4MB

MD5
97aa9f41f70d700d3a09c5758e0d4495

SHA1
b828da70a101d4ea5b61e27ff5be5d8ffc4c45bd

SHA256
c16048323f00fe1cf492e8f2758694c42a9027551c5b94673a473c4468e81a0b

SHA512
ea98ac90368785eb63516e0af38aa31b8e0555045b26b70a72108f9c07a6bef58bfd303da02e16b3aef3deca41901bb034d6cc1f341f25edf86b799a347ab84b

Download Submit
memory/3020-359-0x00000000005E0000-0x00000000005E6000-memory.dmp

Filesize
24KB

Download
memory/3528-152-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-156-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-123-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-124-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-126-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-127-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-128-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-129-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-130-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-131-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-132-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-134-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-133-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-135-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-136-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-137-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-138-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-155-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-140-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-141-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-142-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-143-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-144-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-145-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-146-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-147-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-148-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-149-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-150-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-120-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-151-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-153-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-121-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-154-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-139-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-157-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-158-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-159-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-160-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-161-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-162-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-163-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-164-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-165-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-166-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-167-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-169-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-168-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-171-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-170-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-172-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-173-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-174-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-175-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-176-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-177-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-178-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-179-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-180-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-181-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-182-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-183-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-119-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/3528-118-0x0000000077550000-0x00000000776DE000-memory.dmp

Filesize
1.6MB

Download
memory/4956-285-0x0000000003230000-0x0000000003236000-memory.dmp

Filesize
24KB

Download