b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa

General

Target

b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe
Size

2.7MB
MD5

80b7109dc32d2b115fae0360e5b2506b
SHA1

9f7c4905efdddfbd104d7ad267830999a03879df
SHA256

b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa
SHA512

1db63baf70741c819686fa9d775a8e3997d866da05b889330c80abd6772059952a2d2a90203c619603aeaf32548bcb1aaa8cb7493f44526b11831b14d7440832
SSDEEP

49152:8cbi6vVSduCViDk9FlMLqHEM4W2wlnxcjq7FdHDoV1Q8eYq:8cbtOlVn1ML2f4WNnT1SQB1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4884	rundll32.exe
4884	rundll32.exe
3036	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings	b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 4540	724	b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe	70
PID 724 wrote to memory of 4540	724	b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe	70
PID 724 wrote to memory of 4540	724	b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe	70
PID 4540 wrote to memory of 4884	4540	control.exe	72
PID 4540 wrote to memory of 4884	4540	control.exe	72
PID 4540 wrote to memory of 4884	4540	control.exe	72
PID 4884 wrote to memory of 4560	4884	rundll32.exe	73
PID 4884 wrote to memory of 4560	4884	rundll32.exe	73
PID 4560 wrote to memory of 3036	4560	RunDll32.exe	74
PID 4560 wrote to memory of 3036	4560	RunDll32.exe	74
PID 4560 wrote to memory of 3036	4560	RunDll32.exe	74

C:\Users\Admin\AppData\Local\Temp\b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe
"C:\Users\Admin\AppData\Local\Temp\b4937301f177f2c82b83d07e05645a0974a308af1d215fbdd33eb3f244ab24fa.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:724
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\_A4eIUS9.CPl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\_A4eIUS9.CPl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4884
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\_A4eIUS9.CPl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4560
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\_A4eIUS9.CPl",
        5⤵
        Loads dropped DLL
        
        PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_A4eIUS9.CPl

Filesize
2.5MB

MD5
85d6a54b48b93379112ac260268f5dd0

SHA1
45bf1960af3f24d83fccd69819364160d3a3e56e

SHA256
3de32d3e6b1fb56c94b01c713bfe1709bedd31c3878390741c8242982384192e

SHA512
82b9f704c71ae3c95f198f9892970b3c9f9bcbb8aba3a863b23c03c75b62ac02cb936a844b4b709bc0f261e6b472a33fc6937e15f588c7024a60a3f189cc8dbc

Download Submit
\Users\Admin\AppData\Local\Temp\_A4eIuS9.cpl

Filesize
2.5MB

MD5
85d6a54b48b93379112ac260268f5dd0

SHA1
45bf1960af3f24d83fccd69819364160d3a3e56e

SHA256
3de32d3e6b1fb56c94b01c713bfe1709bedd31c3878390741c8242982384192e

SHA512
82b9f704c71ae3c95f198f9892970b3c9f9bcbb8aba3a863b23c03c75b62ac02cb936a844b4b709bc0f261e6b472a33fc6937e15f588c7024a60a3f189cc8dbc

Download Submit
\Users\Admin\AppData\Local\Temp\_A4eIuS9.cpl

Filesize
2.5MB

MD5
85d6a54b48b93379112ac260268f5dd0

SHA1
45bf1960af3f24d83fccd69819364160d3a3e56e

SHA256
3de32d3e6b1fb56c94b01c713bfe1709bedd31c3878390741c8242982384192e

SHA512
82b9f704c71ae3c95f198f9892970b3c9f9bcbb8aba3a863b23c03c75b62ac02cb936a844b4b709bc0f261e6b472a33fc6937e15f588c7024a60a3f189cc8dbc

Download Submit
\Users\Admin\AppData\Local\Temp\_A4eIuS9.cpl

Filesize
2.5MB

MD5
85d6a54b48b93379112ac260268f5dd0

SHA1
45bf1960af3f24d83fccd69819364160d3a3e56e

SHA256
3de32d3e6b1fb56c94b01c713bfe1709bedd31c3878390741c8242982384192e

SHA512
82b9f704c71ae3c95f198f9892970b3c9f9bcbb8aba3a863b23c03c75b62ac02cb936a844b4b709bc0f261e6b472a33fc6937e15f588c7024a60a3f189cc8dbc

Download Submit
memory/3036-33-0x0000000004DE0000-0x0000000004EC8000-memory.dmp

Filesize
928KB

Download
memory/3036-32-0x0000000004DE0000-0x0000000004EC8000-memory.dmp

Filesize
928KB

Download
memory/3036-30-0x0000000004DE0000-0x0000000004EC8000-memory.dmp

Filesize
928KB

Download
memory/3036-28-0x0000000004CE0000-0x0000000004DE0000-memory.dmp

Filesize
1024KB

Download
memory/3036-22-0x0000000002B90000-0x0000000002B96000-memory.dmp

Filesize
24KB

Download
memory/3036-23-0x0000000000400000-0x0000000000681000-memory.dmp

Filesize
2.5MB

Download
memory/4884-9-0x0000000002A70000-0x0000000002A76000-memory.dmp

Filesize
24KB

Download
memory/4884-20-0x0000000004D70000-0x0000000004E58000-memory.dmp

Filesize
928KB

Download
memory/4884-19-0x0000000004D70000-0x0000000004E58000-memory.dmp

Filesize
928KB

Download
memory/4884-17-0x0000000004D70000-0x0000000004E58000-memory.dmp

Filesize
928KB

Download
memory/4884-16-0x0000000004D70000-0x0000000004E58000-memory.dmp

Filesize
928KB

Download
memory/4884-15-0x0000000004C70000-0x0000000004D70000-memory.dmp

Filesize
1024KB

Download
memory/4884-10-0x0000000004780000-0x0000000004A01000-memory.dmp

Filesize
2.5MB

Download
memory/4884-8-0x0000000004780000-0x0000000004A01000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing