0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394

Analysis

max time kernel
66s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25-01-2023 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe
Size

1.3MB
MD5

d72b4943511a916db1adcf793df4bb89
SHA1

4b7b3d2fd34bde28314ae918267e13b0bfdb9a9f
SHA256

0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394
SHA512

afbb1912cbe26eb2068fe004c01bc80b71f68aaee15f7e63b9ee2ee445c13733688b1aa35b5789a659d370295df96d8fa5a1918422bd0ea191f3dd14844211ff
SSDEEP

24576:O208/RKHuEBKh566XG/EMll5LuCYBmiYYchnBTMHmXFaYIoELt4jO:908/RYe5662B5qCgYYctFMH9Jt4i

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

rundll32.exerundll32.exe

pid process

4828 rundll32.exe
4216 rundll32.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4828	rundll32.exe
4216	rundll32.exe

Modifies registry class 1 IoCs

Processes:

0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.execontrol.exerundll32.exeRunDll32.exe

description	pid	process	target process
PID 2700 wrote to memory of 4972	2700	0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe	control.exe
PID 2700 wrote to memory of 4972	2700	0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe	control.exe
PID 2700 wrote to memory of 4972	2700	0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe	control.exe
PID 4972 wrote to memory of 4828	4972	control.exe	rundll32.exe
PID 4972 wrote to memory of 4828	4972	control.exe	rundll32.exe
PID 4972 wrote to memory of 4828	4972	control.exe	rundll32.exe
PID 4828 wrote to memory of 4748	4828	rundll32.exe	RunDll32.exe
PID 4828 wrote to memory of 4748	4828	rundll32.exe	RunDll32.exe
PID 4748 wrote to memory of 4216	4748	RunDll32.exe	rundll32.exe
PID 4748 wrote to memory of 4216	4748	RunDll32.exe	rundll32.exe
PID 4748 wrote to memory of 4216	4748	RunDll32.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe
"C:\Users\Admin\AppData\Local\Temp\0efbdb0054c1259e415cd7d5874827aeb5a29ad28301d99c3996e738aa10a394.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\53_F2O7.cPl",
2⤵
- Suspicious use of WriteProcessMemory
PID:4972

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\53_F2O7.cPl",
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4828

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\53_F2O7.cPl",
4⤵
- Suspicious use of WriteProcessMemory
PID:4748

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\53_F2O7.cPl",
5⤵
- Loads dropped DLL
PID:4216

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\53_F2O7.cPl
Filesize
1.4MB

MD5
a2a8eefb9bc71f65f77049bb740413c0

SHA1
e7be7c53a49d6b7cc0d4165ff84663467224c02c

SHA256
263cbda48d5f370b73539f619cb9ca08f47e6c1f6b9259a52094df9f93f85a65

SHA512
56b0bab29f1beca5ca12113dcc22248397aa20ffc6cb428815142201e6af6801bb686e5537b9f7a152e8fa7c53ae1d34a5a564cd10eb9bd61a994d55d9471b45

Download Submit
\Users\Admin\AppData\Local\Temp\53_F2o7.cpl
Filesize
1.4MB

MD5
a2a8eefb9bc71f65f77049bb740413c0

SHA1
e7be7c53a49d6b7cc0d4165ff84663467224c02c

SHA256
263cbda48d5f370b73539f619cb9ca08f47e6c1f6b9259a52094df9f93f85a65

SHA512
56b0bab29f1beca5ca12113dcc22248397aa20ffc6cb428815142201e6af6801bb686e5537b9f7a152e8fa7c53ae1d34a5a564cd10eb9bd61a994d55d9471b45

Download Submit
\Users\Admin\AppData\Local\Temp\53_F2o7.cpl
Filesize
1.4MB

MD5
a2a8eefb9bc71f65f77049bb740413c0

SHA1
e7be7c53a49d6b7cc0d4165ff84663467224c02c

SHA256
263cbda48d5f370b73539f619cb9ca08f47e6c1f6b9259a52094df9f93f85a65

SHA512
56b0bab29f1beca5ca12113dcc22248397aa20ffc6cb428815142201e6af6801bb686e5537b9f7a152e8fa7c53ae1d34a5a564cd10eb9bd61a994d55d9471b45

Download Submit
memory/2700-152-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-124-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-119-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-153-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-121-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-154-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-125-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-126-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-127-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-128-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-129-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-131-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-132-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-133-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-134-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-130-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-135-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-136-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-137-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-138-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-139-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-140-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-141-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-142-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-143-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-144-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-145-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-146-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-147-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-148-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-150-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-149-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-151-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-117-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-122-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-155-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-118-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-156-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-157-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-158-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-159-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-160-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-161-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-162-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-163-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-164-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-165-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-166-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-167-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-169-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-168-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-170-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-171-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-172-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-173-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-174-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-175-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-176-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-177-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-178-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-179-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-180-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-181-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-116-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4216-292-0x0000000000000000-mapping.dmp

Download
memory/4216-343-0x0000000005060000-0x0000000005066000-memory.dmp

Filesize
24KB

Download
memory/4748-291-0x0000000000000000-mapping.dmp

Download
memory/4828-226-0x0000000000000000-mapping.dmp

Download
memory/4828-278-0x0000000002D20000-0x0000000002E6A000-memory.dmp

Filesize
1.3MB

Download
memory/4828-279-0x0000000002D20000-0x0000000002E6A000-memory.dmp

Filesize
1.3MB

Download
memory/4972-182-0x0000000000000000-mapping.dmp

Download