eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca

Analysis

max time kernel
50s
max time network
58s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
16/02/2023, 22:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe
Size

1.3MB
MD5

f0f0e3d4cb1df8617ee4722ca83fb0b0
SHA1

6fd03e12412ebc57cc25b8b5188df053fdd690a7
SHA256

eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca
SHA512

5f4d2f2e4bcc0bbed135fd841fdb8f6c958b20b5931f35d1773c73b5f33cd7f6689c4ba5e9ae0d991654f0e43ec99046756d3898f1c6223f8d81ad9bd0e41241
SSDEEP

24576:JLllLl7tEtWWirGCgOHpjhkLoubAF/xqxtZeGm5LpSUgWx1:hllL8bqFhkLoGAJCZeXxaWX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3052	rundll32.exe
3760	rundll32.exe
3760	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 4924	2132	eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe	66
PID 2132 wrote to memory of 4924	2132	eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe	66
PID 2132 wrote to memory of 4924	2132	eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe	66
PID 4924 wrote to memory of 3052	4924	control.exe	67
PID 4924 wrote to memory of 3052	4924	control.exe	67
PID 4924 wrote to memory of 3052	4924	control.exe	67
PID 3052 wrote to memory of 1804	3052	rundll32.exe	68
PID 3052 wrote to memory of 1804	3052	rundll32.exe	68
PID 1804 wrote to memory of 3760	1804	RunDll32.exe	69
PID 1804 wrote to memory of 3760	1804	RunDll32.exe	69
PID 1804 wrote to memory of 3760	1804	RunDll32.exe	69

C:\Users\Admin\AppData\Local\Temp\eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe
"C:\Users\Admin\AppData\Local\Temp\eafacef9dbb5b198a8f7056fbe48682d746989c195253e654d0bad48a266f6ca.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" .\RnZgL.A
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\RnZgL.A
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\RnZgL.A
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1804
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\RnZgL.A
        5⤵
        Loads dropped DLL
        
        PID:3760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RnZgL.A

Filesize
1.2MB

MD5
66559b84af3fd055d79f9bd2d1e852fa

SHA1
6d01feaf4f257d1d6d17a5f8e929d8da8c55d00d

SHA256
1e7ee51ec163a02e000b3d7848bf1da6abcf276dc4efc996b6e577512ce55f55

SHA512
d66d388d606631322da46fd4e74cb262b00fad72fee5167971f862e7d228c9f3c7061b399eeb2ba09a2e4f667cf91f7695eb0169c76e589d520975cbf54b72b9

Download Submit
\Users\Admin\AppData\Local\Temp\RnZgl.a

Filesize
1.2MB

MD5
66559b84af3fd055d79f9bd2d1e852fa

SHA1
6d01feaf4f257d1d6d17a5f8e929d8da8c55d00d

SHA256
1e7ee51ec163a02e000b3d7848bf1da6abcf276dc4efc996b6e577512ce55f55

SHA512
d66d388d606631322da46fd4e74cb262b00fad72fee5167971f862e7d228c9f3c7061b399eeb2ba09a2e4f667cf91f7695eb0169c76e589d520975cbf54b72b9

Download Submit
\Users\Admin\AppData\Local\Temp\RnZgl.a

Filesize
1.2MB

MD5
66559b84af3fd055d79f9bd2d1e852fa

SHA1
6d01feaf4f257d1d6d17a5f8e929d8da8c55d00d

SHA256
1e7ee51ec163a02e000b3d7848bf1da6abcf276dc4efc996b6e577512ce55f55

SHA512
d66d388d606631322da46fd4e74cb262b00fad72fee5167971f862e7d228c9f3c7061b399eeb2ba09a2e4f667cf91f7695eb0169c76e589d520975cbf54b72b9

Download Submit
\Users\Admin\AppData\Local\Temp\RnZgl.a

Filesize
1.2MB

MD5
66559b84af3fd055d79f9bd2d1e852fa

SHA1
6d01feaf4f257d1d6d17a5f8e929d8da8c55d00d

SHA256
1e7ee51ec163a02e000b3d7848bf1da6abcf276dc4efc996b6e577512ce55f55

SHA512
d66d388d606631322da46fd4e74cb262b00fad72fee5167971f862e7d228c9f3c7061b399eeb2ba09a2e4f667cf91f7695eb0169c76e589d520975cbf54b72b9

Download Submit
memory/2132-154-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-163-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-123-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-125-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-126-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-128-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-157-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-130-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-131-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-159-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-133-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-134-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-135-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-136-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-137-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-138-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-139-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-140-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-141-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-142-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-143-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-144-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-145-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-146-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-147-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-148-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-149-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-150-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-151-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-152-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-153-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-121-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-155-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-156-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-129-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-122-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-132-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-160-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-162-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-161-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-158-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-164-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-165-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-166-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-167-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-168-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-169-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-171-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-170-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-172-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-173-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-174-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-175-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-176-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-177-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-178-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-179-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-180-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-181-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-182-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-183-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-184-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2132-120-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/3052-280-0x0000000003200000-0x000000000334A000-memory.dmp

Filesize
1.3MB

Download
memory/3052-343-0x0000000003200000-0x000000000334A000-memory.dmp

Filesize
1.3MB

Download
memory/3760-342-0x0000000000A70000-0x0000000000A76000-memory.dmp

Filesize
24KB

Download
memory/4924-186-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download