4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022

Analysis

max time kernel
50s
max time network
175s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/02/2023, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe
Size

10.9MB
MD5

5aff000c9f9995c8655dd5f792e8397f
SHA1

fede482ca000a1449a7aeee1438761b29656510b
SHA256

4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022
SHA512

ee029090fcaef8ad31f173188a39c91d5de1c86d308e88853d50d7cab0bd58d6e1e1343fea1f009e2f6fd816cdca80f114427c75c9e2660d418c79765fc5f23a
SSDEEP

196608:qMFAOaHjtE1z8Htc+8jmfZsuolXAVmQKOeHuGcagNGfS0SOKSI8p8oczS:qcaHjtEcc6GWdeOtGfSHSFm

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4880	Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run\Adoberegid.1991-06.com.microsoft-type1.9.4.7 = "C:\\ProgramData\\Adoberegid.1991-06.com.microsoft-type1.9.4.7\\Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe"	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2364	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe
2364	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe
4880	Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe
4880	Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4880	2364	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe	66
PID 2364 wrote to memory of 4880	2364	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe	66
PID 2364 wrote to memory of 4880	2364	4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe	66

C:\Users\Admin\AppData\Local\Temp\4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe
"C:\Users\Admin\AppData\Local\Temp\4f7240395c0d68ad0b4bc4c240b86d770e856f4ed86cee8638dece198014d022.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2364
- C:\ProgramData\Adoberegid.1991-06.com.microsoft-type1.9.4.7\Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe
  "C:\ProgramData\Adoberegid.1991-06.com.microsoft-type1.9.4.7\Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adoberegid.1991-06.com.microsoft-type1.9.4.7\Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe

Filesize
594.9MB

MD5
bda12ac6cc5eee6e2b777776e80f79dc

SHA1
88d2b78656164a5c710c07b66838c51af06eb2ad

SHA256
262dbdf6c7a2b1a330c2535db9deba978b0a086c86ccdd8d1719833eb2c2b2d1

SHA512
cac71777552e834bbabab39b522858244171decf2a65ec0bf493fe57be82937d4004b39e2e0b66e0c2cbad52893e424d2ff70c76f66a9ef38737927fd5eef802

Download Submit
C:\ProgramData\Adoberegid.1991-06.com.microsoft-type1.9.4.7\Adoberegid.1991-06.com.microsoft-type1.9.4.7.exe

Filesize
594.9MB

MD5
bda12ac6cc5eee6e2b777776e80f79dc

SHA1
88d2b78656164a5c710c07b66838c51af06eb2ad

SHA256
262dbdf6c7a2b1a330c2535db9deba978b0a086c86ccdd8d1719833eb2c2b2d1

SHA512
cac71777552e834bbabab39b522858244171decf2a65ec0bf493fe57be82937d4004b39e2e0b66e0c2cbad52893e424d2ff70c76f66a9ef38737927fd5eef802

Download Submit
memory/2364-120-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-121-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-122-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-123-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-124-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-125-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-126-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-127-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-128-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-129-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-130-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-131-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-132-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-133-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-134-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-136-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-135-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-137-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-138-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-139-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/2364-140-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-141-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-142-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/2364-145-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-146-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-148-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/2364-147-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-149-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-150-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-151-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-152-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-154-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-153-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-155-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-156-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/2364-157-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-158-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-159-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-160-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-161-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-162-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-163-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-164-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-165-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-166-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-167-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/2364-182-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/4880-170-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-171-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-172-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-173-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-174-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-175-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-177-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-178-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-179-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-181-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-183-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-184-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-180-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-186-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-188-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-189-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-187-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-185-0x0000000077D40000-0x0000000077ECE000-memory.dmp

Filesize
1.6MB

Download
memory/4880-197-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/4880-202-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download
memory/4880-208-0x0000000000400000-0x0000000001506000-memory.dmp

Filesize
17.0MB

Download