821371a98929b770fb07fade766bd04ebc9b46835e6475eb04ded8d317166041

Resubmissions

23/03/2023, 22:07

230323-11mleaad94 10

23/03/2023, 22:03

230323-1ypmzscd6v 3

23/03/2023, 22:01

230323-1xf98aad75 3

23/03/2023, 21:57

230323-1vadwscd4t 3

Analysis

max time kernel
113s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/03/2023, 22:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Installer.rar
Size

46.0MB
MD5

a37158027c477127636013b59d41040a
SHA1

6aa82d249812df8381af0bfcf986cc4d0a8abcd3
SHA256

821371a98929b770fb07fade766bd04ebc9b46835e6475eb04ded8d317166041
SHA512

c3b6039133b0cb206f1313de001061563f244a4c48ae58d3e6f42c26e3d7ea97b4ed2e820f49d8c5ab211d20f38272abca743a1d001d984d81466827946052e4
SSDEEP

786432:TTifKUYM3wOJGmY1abDVKMdj26moNapWJAfN/t+6YuVSyQspBTC3r2SrgzLIR0vT:c/5AEbcQAMdjpa8CfdtBVSVspBTCr2Sq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	rundll32.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1272	AUDIODG.EXE
Token: 33	1272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1272	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1308	1880	cmd.exe	30
PID 1880 wrote to memory of 1308	1880	cmd.exe	30
PID 1880 wrote to memory of 1308	1880	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Installer.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Installer.rar
  2⤵
  - Modifies registry class
  PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:2
1⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:2
1⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1484 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=848 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2236 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2008 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=1928 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:1
1⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:2168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=1248,i,11235525137924736526,8640445436061883783,131072 /prefetch:8
1⤵
PID:588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
295KB

MD5
ed24fc621782207dbd4ae43ba5814d55

SHA1
664b7dad8cb58b5acfd5c975cb42e6b83a09e3e1

SHA256
2c9c65baf3a16b4e6bd3082fef6b0cc0e8f3d43635f7ec1257b1b8bb2bcf922d

SHA512
2645d9177e2d15336c2847ed0cff720d94ea9802e232d936854a1ccb98753261f69c794fcd996a6c1ac9126dded7cfad9fac89c047fc266dffc7ee24ab347961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
63KB

MD5
38a059fbc080b07299425dbd6c9a0de7

SHA1
d20df74f0fb27f3154324147960a848988bd570d

SHA256
6a0192e4a39c3b7445105aacbca7ab692f39ea8f848c183ee9464b8cdc70d1bd

SHA512
dd15c47ee780d9bd7e4b6459d411a259f55e65f805a7e40d9b1473a491740d7fa7d99e276266cbd1987c6583c70fb1ba2c673eb81aecaae07d7026ab72ef64f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
68KB

MD5
7a707690fc7a27ab7662ee21804ce871

SHA1
a5cd71b62fa531a57e3701c6335c1ee553462960

SHA256
57e84cd6357a6a784d77656d559e226a874aacc91c6486b3de1319c0284dfa3a

SHA512
637ac59a379f3dff810433da2e9cb888f0a7053e1797f7362fd66989ea8e31f470eae12506dc27b505086b73d85ac92a0898a775b958864caf043ede81754cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
50KB

MD5
7c25eccc08c604818f2ad949bbd64d03

SHA1
f798ffc2e47c6c816b6407df3be703e26daeb167

SHA256
4065467e0796055cdb19ba98e01666d967e99df14316fe190edc613c9f2bae71

SHA512
99d95a658e9cb66eb237fa78b0053e2403b903b5ae785d3b4ee840fe4a3696c22a707a6d7b3ab86fe2bbb7b3e34942f95db773e4cefd32fea224c8c559253274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
611KB

MD5
b184139ce34469a5ec45b250b44646d6

SHA1
de45e59516e6170cd38f4e3b386f30e7ebdc14ef

SHA256
ac738b8f617b74220e663f7a6d4715b00ed3fc49ce181c790ddc56a128896622

SHA512
622c186ecc4525b89a1aff9dd4f91e2ec9d23911f19183c01f599e39ea62111cdd5c5954d5874e3f61360d29890219db86c85e56c625d6240c603737cfaa717b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
35KB

MD5
6ddcb89c6fc52a615868ad112aa18372

SHA1
5873ff26339e766787790e041aa618dce9b7c82d

SHA256
2933c0390c29d782cff2f0307e42db3cda6295d338030fbdf4d261fa95d1e0bb

SHA512
3c12b78fa1854791d081964b5dc92932bc646aacadb5319adbbbbe7f5ca432c2b65c232c2ce40f9511e32df7eb3d3fc4c1a61cedc424c070781d7c3a8bb8ac7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
683B

MD5
750d728c557f68fff09bf4ce83d889fb

SHA1
748d59ee26b925f705dfbb20173a1dea8cd89ac8

SHA256
6d423cec3a470cd30a2ab7e0ddda9077a225fffc5050732632fbed596735ac1d

SHA512
7c6055e00834941178a598ff87e5ff145b3a2aa1ab2f62046f880ba15c8699ba8c28b8eb5a636358c471da36e0d15a8505b09251829ec2f864e6a03b478c83fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
a6b84a63350227391d52a51c4d5faa12

SHA1
25ab08009d15e36617fd516b1cb43bf60f599337

SHA256
3f58f55779013cd5d479c26c5f38338afb180b023ab98e33d363d628f92125cc

SHA512
e22a6ac2b6b6506df5119bf216acca0acc7b0419db474462ac47a1e161b06c3c62e5f853f9c41bf44e5772a131e5b7b6c7d535c9719724e69aeec06056209aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
08a88ecb3cc2724cafeea8253d63ac79

SHA1
cd7de4cee72fc6f8ce69f7d0f1fc26bcd7d6851e

SHA256
af3847f28c051b42fb94b7ca7eb34cc37f4f94d7736f10e44d904c78f8816f89

SHA512
07a756f247d85861ed346336beb2080da70fab72326eb298d6fc88bb69f60dbb3ef29c10acbc15e47b795747f038ce5073e72aa9f7b6e35a8e986f750c037b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
34c93a880c48bc05ef1ed17d69446842

SHA1
79b9756bcef01a5d0ca27d6bfea27208179f7be2

SHA256
a60dc99fafda1874de4a72d176ad6d52cc2941fe02567966f6b0d057df80d82b

SHA512
963c2ce00421cb3bf732674e309cb55f5efb74bcb3d7d4b487cba77f3a40f6df93194311db9b39c301325bc316398a5c6fb26773d6dd9f2704ab8d1ac410f83f

Download Submit