30d13e3faf5204d7ebff64ac7e22872f8912bec6eb5f2b3983f1801d2e9c4c19

Analysis

max time kernel
1s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

322KB
MD5

d174bfcbfe69a03effd5ad81aebb7446
SHA1

4413590f098b2dd7290fc96a6c6ffcd3b0addf0a
SHA256

30d13e3faf5204d7ebff64ac7e22872f8912bec6eb5f2b3983f1801d2e9c4c19
SHA512

d6cb70ae31df4741b1c043e24bfccd9bbd36be49526ea9cda6e12aeb4c3a1b99cc465b17890aefaaf9ea3400c678469317356ce420390b4c65e942b71b71cb1f
SSDEEP

6144:PYa6TEyrxESYPEKFnYTdJUtF6WZJPv1/5KZL3TocyxIGpCRLi29n/Gcmsy8vS:PYBEqxwPTF0G3JTvTKJECRG29+cmsyqS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
404	mmunugkn.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 404 set thread context of 1692	404	mmunugkn.exe	86

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
404	mmunugkn.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 404	1720	tmp.exe	85
PID 1720 wrote to memory of 404	1720	tmp.exe	85
PID 1720 wrote to memory of 404	1720	tmp.exe	85
PID 404 wrote to memory of 1692	404	mmunugkn.exe	86
PID 404 wrote to memory of 1692	404	mmunugkn.exe	86
PID 404 wrote to memory of 1692	404	mmunugkn.exe	86
PID 404 wrote to memory of 1692	404	mmunugkn.exe	86

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe
  "C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe" C:\Users\Admin\AppData\Local\Temp\ffgqdpcrvwe.c
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe
    "C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe"
    3⤵
    PID:1692

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ffgqdpcrvwe.c

Filesize
5KB

MD5
200b7cd37ae7fffe3743d7999ecd08da

SHA1
cb490df9fd8e09f59d1bba9fa58d7d672d53090d

SHA256
a8f46468397a04ba3c057e77fd75b3dcdafd71ddbd0e820032ff037a3f790190

SHA512
769fe8117217a7e9ecbc6527d907b8384ebeb7a703c7eaa239c086677578cd2037740581339804fcc985c6fc104a0cbff9db61043f143c29aa17387b3eca072b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe

Filesize
59KB

MD5
81bd2e2b65234767be48e51784e65fb6

SHA1
b03dd2afc1852b22a7365ede4b5abd9be856fc8d

SHA256
de02d5fba481b1122c16fb4aa7a41afd46f76f8e667997ef6a4035ce0088095f

SHA512
92df512908de2fe541bab463f6d6a8327dd9678f6e90e4d94a08c4d0dd50ae1aebc2d66cc3396a6e33b282442d47e00e1d0a94b433b4cd3d966f9799a9a42ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mmunugkn.exe

Filesize
59KB

MD5
81bd2e2b65234767be48e51784e65fb6

SHA1
b03dd2afc1852b22a7365ede4b5abd9be856fc8d

SHA256
de02d5fba481b1122c16fb4aa7a41afd46f76f8e667997ef6a4035ce0088095f

SHA512
92df512908de2fe541bab463f6d6a8327dd9678f6e90e4d94a08c4d0dd50ae1aebc2d66cc3396a6e33b282442d47e00e1d0a94b433b4cd3d966f9799a9a42ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tqnznp.b

Filesize
314KB

MD5
b8118e544793cfb05e6f8fb0082ee6ce

SHA1
cbba522d0efec522ac9233b1d22c04ac41d3e422

SHA256
240f639c6a688a4bf61f6d31ac0d1a3faa2442f6a60afd692e57f16bfd6a1561

SHA512
cb54dae88d00fda09645d38235905368afc08b26c26c4af9698f8ed6927772b0ad269e9c9efa13504b1b7c006267f585cbe4ed5e2064c25c44a8967c4979f0e7

Download Submit