cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a

General

Target

cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe
Size

1.4MB
MD5

150c26e0a6e75076ccc1d9740f474964
SHA1

c67b640e4dc08735a46f3e11d639f912a17ce2cf
SHA256

cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a
SHA512

a4b9e9ee36b276d2f9714598c96b24a719ebbb0ec7d7a66cd934da79ec1dd1d7a3b95b7f51c42927056d6a4e271b9d1559aa7be99d6bc0ac17c2e5f89f334248
SSDEEP

24576:4ry2uXzmVLs11ftArg360a9aLhUFDEzVDGEB9jsC/OaJByq/LGWQ:4unl11AUE9WqDExDRB9jd2yBt/LQ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4568	rundll32.exe
4568	rundll32.exe
2228	rundll32.exe
2228	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 992	2164	cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe	66
PID 2164 wrote to memory of 992	2164	cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe	66
PID 2164 wrote to memory of 992	2164	cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe	66
PID 992 wrote to memory of 4568	992	control.exe	68
PID 992 wrote to memory of 4568	992	control.exe	68
PID 992 wrote to memory of 4568	992	control.exe	68
PID 4568 wrote to memory of 2068	4568	rundll32.exe	69
PID 4568 wrote to memory of 2068	4568	rundll32.exe	69
PID 2068 wrote to memory of 2228	2068	RunDll32.exe	70
PID 2068 wrote to memory of 2228	2068	RunDll32.exe	70
PID 2068 wrote to memory of 2228	2068	RunDll32.exe	70

C:\Users\Admin\AppData\Local\Temp\cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe
"C:\Users\Admin\AppData\Local\Temp\cb46ebe1920753d5bc23c30b282a801f9e2d33b2ebb1d1cdc294cdae1e3e9d5a.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\A6F~Ouhs.Cpl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:992
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\A6F~Ouhs.Cpl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4568
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\A6F~Ouhs.Cpl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2068
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\A6F~Ouhs.Cpl",
        5⤵
        Loads dropped DLL
        
        PID:2228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A6F~Ouhs.Cpl

Filesize
1.4MB

MD5
3efb5ffedbc4468bcb7769390cf8328c

SHA1
0bff1d5f78549c7b4da04e90fe0a945ab5b92790

SHA256
4cc08f6532003cb1bc1a0421234b21f8e4e5363ca4a7af440af4eb39994f3965

SHA512
1a730525c28af93ce9c7271b96757f363db47c1ababe1ce41c4b9cb10c2bff175a19cdf87c1325f20deeab867366043b2478fad79df69f0d3a61814443841133

Download Submit
\Users\Admin\AppData\Local\Temp\A6F~Ouhs.cpl

Filesize
1.4MB

MD5
3efb5ffedbc4468bcb7769390cf8328c

SHA1
0bff1d5f78549c7b4da04e90fe0a945ab5b92790

SHA256
4cc08f6532003cb1bc1a0421234b21f8e4e5363ca4a7af440af4eb39994f3965

SHA512
1a730525c28af93ce9c7271b96757f363db47c1ababe1ce41c4b9cb10c2bff175a19cdf87c1325f20deeab867366043b2478fad79df69f0d3a61814443841133

Download Submit
\Users\Admin\AppData\Local\Temp\A6F~Ouhs.cpl

Filesize
1.4MB

MD5
3efb5ffedbc4468bcb7769390cf8328c

SHA1
0bff1d5f78549c7b4da04e90fe0a945ab5b92790

SHA256
4cc08f6532003cb1bc1a0421234b21f8e4e5363ca4a7af440af4eb39994f3965

SHA512
1a730525c28af93ce9c7271b96757f363db47c1ababe1ce41c4b9cb10c2bff175a19cdf87c1325f20deeab867366043b2478fad79df69f0d3a61814443841133

Download Submit
\Users\Admin\AppData\Local\Temp\A6F~Ouhs.cpl

Filesize
1.4MB

MD5
3efb5ffedbc4468bcb7769390cf8328c

SHA1
0bff1d5f78549c7b4da04e90fe0a945ab5b92790

SHA256
4cc08f6532003cb1bc1a0421234b21f8e4e5363ca4a7af440af4eb39994f3965

SHA512
1a730525c28af93ce9c7271b96757f363db47c1ababe1ce41c4b9cb10c2bff175a19cdf87c1325f20deeab867366043b2478fad79df69f0d3a61814443841133

Download Submit
\Users\Admin\AppData\Local\Temp\A6F~Ouhs.cpl

Filesize
1.4MB

MD5
3efb5ffedbc4468bcb7769390cf8328c

SHA1
0bff1d5f78549c7b4da04e90fe0a945ab5b92790

SHA256
4cc08f6532003cb1bc1a0421234b21f8e4e5363ca4a7af440af4eb39994f3965

SHA512
1a730525c28af93ce9c7271b96757f363db47c1ababe1ce41c4b9cb10c2bff175a19cdf87c1325f20deeab867366043b2478fad79df69f0d3a61814443841133

Download Submit
memory/2228-155-0x0000000000F00000-0x0000000000FB7000-memory.dmp

Filesize
732KB

Download
memory/2228-144-0x0000000004C00000-0x0000000004CFB000-memory.dmp

Filesize
1004KB

Download
memory/2228-152-0x0000000000F00000-0x0000000000FB7000-memory.dmp

Filesize
732KB

Download
memory/2228-151-0x0000000000FD0000-0x0000000001099000-memory.dmp

Filesize
804KB

Download
memory/2228-146-0x0000000000D20000-0x0000000000E7F000-memory.dmp

Filesize
1.4MB

Download
memory/2228-143-0x0000000004A00000-0x0000000004AFE000-memory.dmp

Filesize
1016KB

Download
memory/2228-156-0x0000000000F00000-0x0000000000FB7000-memory.dmp

Filesize
732KB

Download
memory/2228-142-0x0000000000D20000-0x0000000000E7F000-memory.dmp

Filesize
1.4MB

Download
memory/2228-158-0x0000000004C00000-0x0000000004CFB000-memory.dmp

Filesize
1004KB

Download
memory/4568-130-0x0000000004DE0000-0x0000000004EDB000-memory.dmp

Filesize
1004KB

Download
memory/4568-139-0x0000000000FE0000-0x0000000001097000-memory.dmp

Filesize
732KB

Download
memory/4568-137-0x0000000000FE0000-0x0000000001097000-memory.dmp

Filesize
732KB

Download
memory/4568-134-0x0000000000FE0000-0x0000000001097000-memory.dmp

Filesize
732KB

Download
memory/4568-133-0x0000000004EE0000-0x0000000004FA9000-memory.dmp

Filesize
804KB

Download
memory/4568-131-0x00000000044C0000-0x000000000461F000-memory.dmp

Filesize
1.4MB

Download
memory/4568-129-0x0000000004BE0000-0x0000000004CDE000-memory.dmp

Filesize
1016KB

Download
memory/4568-128-0x00000000044C0000-0x000000000461F000-memory.dmp

Filesize
1.4MB

Download
memory/4568-160-0x0000000004DE0000-0x0000000004EDB000-memory.dmp

Filesize
1004KB

Download

Analysis

Sharing