579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318

Analysis

max time kernel
60s
max time network
68s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
11/02/2023, 04:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe
Size

1.5MB
MD5

bf316a2fc6cc65d6fe1f0a00c29d5b0f
SHA1

ca2314690eb12dbfa19ed739d59e7a7c01915275
SHA256

579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318
SHA512

ff0009019a9abd22a320467da4e93ea8958e470f54273d3dbafed79b3a227da005b5b8eeff075095caa7eb02487ead840d7e035152c8df22af13532be446ebdf
SSDEEP

24576:9GHCm8uPdJmX2E3Ix3kvoOGtzZ1hEzjDjUYh810gL83oATteaErnLTXU8T:EuWxTZ6oOGtN3uUYh810gXktFenLTEE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3528	rundll32.exe
3528	rundll32.exe
1876	rundll32.exe
1876	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings	579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 1296	2704	579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe	66
PID 2704 wrote to memory of 1296	2704	579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe	66
PID 2704 wrote to memory of 1296	2704	579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe	66
PID 1296 wrote to memory of 3528	1296	control.exe	68
PID 1296 wrote to memory of 3528	1296	control.exe	68
PID 1296 wrote to memory of 3528	1296	control.exe	68
PID 3528 wrote to memory of 4416	3528	rundll32.exe	69
PID 3528 wrote to memory of 4416	3528	rundll32.exe	69
PID 4416 wrote to memory of 1876	4416	RunDll32.exe	70
PID 4416 wrote to memory of 1876	4416	RunDll32.exe	70
PID 4416 wrote to memory of 1876	4416	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe
"C:\Users\Admin\AppData\Local\Temp\579b99b3d4e55222874ede30594973e5b3f725ac239292b1f7e05990b6086318.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\R0CLC5~8.CPL",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\R0CLC5~8.CPL",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\R0CLC5~8.CPL",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4416
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\R0CLC5~8.CPL",
        5⤵
        Loads dropped DLL
        
        PID:1876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\R0CLC5~8.CPL

Filesize
1.6MB

MD5
f09cf527ef833e29a17e96cc0dc62efd

SHA1
c632cb31800daaa2c4e266e030129dd2dc23e204

SHA256
499ac68774044753a6704a53b9565737c5c42796f22dbdfe93f63ae70a0496e1

SHA512
c54911b7739ac80a91a6c6f5be767ae589d7b382f77ca7ad732ff6839410c1b172656230c4e66dacd45110adf27e2ef6e2d585036fec74a9796987bd091190bb

Download Submit
\Users\Admin\AppData\Local\Temp\r0cLc5~8.cpl

Filesize
1.6MB

MD5
f09cf527ef833e29a17e96cc0dc62efd

SHA1
c632cb31800daaa2c4e266e030129dd2dc23e204

SHA256
499ac68774044753a6704a53b9565737c5c42796f22dbdfe93f63ae70a0496e1

SHA512
c54911b7739ac80a91a6c6f5be767ae589d7b382f77ca7ad732ff6839410c1b172656230c4e66dacd45110adf27e2ef6e2d585036fec74a9796987bd091190bb

Download Submit
\Users\Admin\AppData\Local\Temp\r0cLc5~8.cpl

Filesize
1.6MB

MD5
f09cf527ef833e29a17e96cc0dc62efd

SHA1
c632cb31800daaa2c4e266e030129dd2dc23e204

SHA256
499ac68774044753a6704a53b9565737c5c42796f22dbdfe93f63ae70a0496e1

SHA512
c54911b7739ac80a91a6c6f5be767ae589d7b382f77ca7ad732ff6839410c1b172656230c4e66dacd45110adf27e2ef6e2d585036fec74a9796987bd091190bb

Download Submit
\Users\Admin\AppData\Local\Temp\r0cLc5~8.cpl

Filesize
1.6MB

MD5
f09cf527ef833e29a17e96cc0dc62efd

SHA1
c632cb31800daaa2c4e266e030129dd2dc23e204

SHA256
499ac68774044753a6704a53b9565737c5c42796f22dbdfe93f63ae70a0496e1

SHA512
c54911b7739ac80a91a6c6f5be767ae589d7b382f77ca7ad732ff6839410c1b172656230c4e66dacd45110adf27e2ef6e2d585036fec74a9796987bd091190bb

Download Submit
\Users\Admin\AppData\Local\Temp\r0cLc5~8.cpl

Filesize
1.6MB

MD5
f09cf527ef833e29a17e96cc0dc62efd

SHA1
c632cb31800daaa2c4e266e030129dd2dc23e204

SHA256
499ac68774044753a6704a53b9565737c5c42796f22dbdfe93f63ae70a0496e1

SHA512
c54911b7739ac80a91a6c6f5be767ae589d7b382f77ca7ad732ff6839410c1b172656230c4e66dacd45110adf27e2ef6e2d585036fec74a9796987bd091190bb

Download Submit
memory/1876-340-0x00000000007F0000-0x00000000007F6000-memory.dmp

Filesize
24KB

Download
memory/2704-155-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-159-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-125-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-128-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-157-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-130-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-131-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-132-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-133-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-134-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-135-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-136-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-137-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-138-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-139-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-140-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-141-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-142-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-143-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-144-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-145-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-146-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-147-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-148-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-149-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-150-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-151-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-153-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-152-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-154-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-123-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-156-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-129-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-126-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-183-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-158-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-161-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-162-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-163-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-164-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-165-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-166-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-167-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-168-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-169-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-171-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-172-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-173-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-170-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-174-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-175-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-176-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-177-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-178-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-179-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-180-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-182-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-160-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-184-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-181-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-185-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-120-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-121-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/2704-122-0x00000000773D0000-0x000000007755E000-memory.dmp

Filesize
1.6MB

Download
memory/3528-282-0x0000000000600000-0x00000000006AE000-memory.dmp

Filesize
696KB

Download
memory/3528-281-0x0000000000600000-0x00000000006AE000-memory.dmp

Filesize
696KB

Download