65d8e4a70cb009d8ea24b9fb436ac172d379de9f12776971b754ff48b2f046b4

Analysis

max time kernel
1575s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
06-02-2023 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver/Driver.2.exe
Size

64.7MB
MD5

45637808bc3b3a0075e35b933b36873d
SHA1

e8b102d7b3fe18af8276f3a6b2695134cb68dc01
SHA256

9c063383be11df970bbab27c0cfd6b7fc72a359f0c56ffb682d16f021f6f3531
SHA512

fbbbad5f147a977b0122edb94a46bc0b92f0670da5ffa7e127eea0836869607fedc306c10bf769052adbedfaa050a069a335f127af2e00352ad884bb889e42d9
SSDEEP

1572864:Z2syXKJyo50+y0lprT25/KFbUJsDD9cqau+tKPBxymtXkP4vi7:Z2syX/90zf25ybvDD29uCKPBxhmN7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4988	App.exe

Loads dropped DLL 4 IoCs

pid	Process
2572	Driver.2.exe
2572	Driver.2.exe
2572	Driver.2.exe
4988	App.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2572	Driver.2.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 4988	2572	Driver.2.exe	67
PID 2572 wrote to memory of 4988	2572	Driver.2.exe	67

C:\Users\Admin\AppData\Local\Temp\driver\Driver.2.exe
"C:\Users\Admin\AppData\Local\Temp\driver\Driver.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\App.exe
  C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\App.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\App.exe

Filesize
150.4MB

MD5
c2cca3c53d293706cf415165defd31ca

SHA1
2b46fa3902273dbd12809b1ae05edd2d149adfb2

SHA256
a5a035365a5b468b566cf8319ebd6fe20ff218562d95dd3263d4708dfafa37d3

SHA512
54be841cf78edd6c8ac3d510e07dd5fe9e4c460f42a0918bae6dc402aa12c0f78f972972df4b0cf22750b398b6160c72ab40772cf577fe32ec57273a017cdc7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\resources\app.asar

Filesize
22.9MB

MD5
1b9f588bf9b30d8671a1f07b1360b236

SHA1
7386a7a42a1d6137322fdc721256589c3b43d96b

SHA256
6dcb1b317b7f9015ac03b3a312b334ee16bbc0455f0cf8c1fad9a24f95c5aa09

SHA512
cae0d5d1868c761191f73c7b41294c96c8f227f5ac70da79e35a906384aa5fcfdd7b455722df3e7fbf36692a7ac818ce7f9dc8cb647ba708368c03caf22dbb30

Download Submit
C:\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\v8_context_snapshot.bin

Filesize
471KB

MD5
0e92bb66ea722338663d6d2d891b5d35

SHA1
b73c8560c974dc9b17488a7b50895dc03f43bc6f

SHA256
e795edcbe49ef9dbe4ad88c4fce19076fafc13f56353753a39e35a3355c3d2d1

SHA512
cc8e28d47f1298382645e658deecf784fcdb9e4eca44537eff878d090be215c437d87e709c186947f798a46580517bac76bb9d69c09830991ed1d94d29e2a367

Download Submit
\Users\Admin\AppData\Local\Temp\2K75c2bP7dLzaO94kbGdJBCzMoi\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\nsf95FC.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsf95FC.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsf95FC.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2572-131-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-152-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-127-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-128-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-129-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-130-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-116-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-133-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-134-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-135-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-136-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-137-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-138-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-139-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-140-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-141-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-143-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-144-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-146-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-145-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-142-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-132-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-147-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-148-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-149-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-150-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-151-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-126-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-153-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-154-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-155-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-156-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-157-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-158-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-160-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-125-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-123-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-162-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-163-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-164-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-165-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-166-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-167-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-169-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-124-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-170-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-171-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-117-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-122-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-121-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-120-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-119-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/2572-118-0x0000000077E30000-0x0000000077FBE000-memory.dmp

Filesize
1.6MB

Download
memory/4988-172-0x0000000000000000-mapping.dmp

Download