e84cac854a439ca9097b29ead5938b3fc4f867dbc7d0c388633db9df0760edcc

General

Target

0ca817b68a4cf545e013e54fc7a92080.exe
Size

2.4MB
MD5

0ca817b68a4cf545e013e54fc7a92080
SHA1

4d3bd4759fcb91b2b262ef405760a65ef90c7399
SHA256

e84cac854a439ca9097b29ead5938b3fc4f867dbc7d0c388633db9df0760edcc
SHA512

f1c45275560fbd97cdd5fce6dd30cede344be116cdb29fef1cb8af0f4d6bac698309cb256e9ea4481e3fa49f5c2ccc5ea7b28719b487a0bc07eced37a0f1d90d
SSDEEP

49152:ysldGfuxKAltBwkx1MOrttjbV7ZZBZZ331Ruomp5KloYRp:ysHlw4SOHxZBRuoS5TYn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2752	2956	0ca817b68a4cf545e013e54fc7a92080.exe	18
PID 2956 wrote to memory of 2752	2956	0ca817b68a4cf545e013e54fc7a92080.exe	18
PID 2956 wrote to memory of 2752	2956	0ca817b68a4cf545e013e54fc7a92080.exe	18
PID 2956 wrote to memory of 2752	2956	0ca817b68a4cf545e013e54fc7a92080.exe	18

C:\Users\Admin\AppData\Local\Temp\0ca817b68a4cf545e013e54fc7a92080.exe
"C:\Users\Admin\AppData\Local\Temp\0ca817b68a4cf545e013e54fc7a92080.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
  2⤵
  PID:2752
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
    3⤵
    PID:3048
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
      4⤵
      PID:836

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jrAYpwD9.cpl

Filesize
2.5MB

MD5
eb7172473d7102b5666690eacfe5b2a5

SHA1
0856e1b01f3c484f7caceaf32cf7defa6991790f

SHA256
ee74bc38b1926bf0fed3ee6a4783dfe9bbaba154a34c5abb6bea09064aec4493

SHA512
7184015eaff8e4b008bbcd7e1aeee6c14345c0a5b13e287c601655a0fd1a79697f4ef7118d50b3e139f2a5909dc0c28841198e37195f692809ac70dd9052c2d3

Download Submit
\Users\Admin\AppData\Local\Temp\jrAYpwD9.cpl

Filesize
382KB

MD5
1ecc7f30495c90ae70750aeeca671eee

SHA1
9b673185ce0662f2f9bc38542d97c9aba53bd563

SHA256
62abcc7eb7b24835853b4c6835464d68abfe57f79bd0a9efc69cc74c651db0db

SHA512
7faf3fefff52845e0d259ffc518e3f70ea7cdf497766c2dfc1e417ed208510e35bde3531abc01d551fa4761e7e5adc3ac559b5f4a9b8944c9b90aaf2cbf66670

Download Submit
\Users\Admin\AppData\Local\Temp\jrAYpwD9.cpl

Filesize
92KB

MD5
4aa378b464c4915f13f6ecfadf4cf01d

SHA1
53470b9d1309787afdd119e3b5edf4fbfd277d18

SHA256
63453b00f2d7fbc478be2efd1a893f6de78b1a709309cdb7d42df170c250cb93

SHA512
1655a2de89935a8117d022b0fd1cf51dd652849750a20038f8ec5408361f248803765202180a729b9ac98905cdc32ea110c8aba22b81503abbb13a1804b9745a

Download Submit
memory/1360-49-0x000000007B900000-0x000000007B94A000-memory.dmp

Filesize
296KB

Download
memory/1360-44-0x0000000003490000-0x00000000035A9000-memory.dmp

Filesize
1.1MB

Download
memory/1360-48-0x0000000000130000-0x0000000000142000-memory.dmp

Filesize
72KB

Download
memory/1360-47-0x0000000003490000-0x00000000035A9000-memory.dmp

Filesize
1.1MB

Download
memory/1360-43-0x0000000003380000-0x000000000348F000-memory.dmp

Filesize
1.1MB

Download
memory/1360-41-0x0000000002A90000-0x0000000002BAE000-memory.dmp

Filesize
1.1MB

Download
memory/1360-36-0x0000000002A90000-0x0000000002BAE000-memory.dmp

Filesize
1.1MB

Download
memory/1360-38-0x0000000002A90000-0x0000000002BAE000-memory.dmp

Filesize
1.1MB

Download
memory/1360-35-0x0000000002A90000-0x0000000002BAE000-memory.dmp

Filesize
1.1MB

Download
memory/1360-34-0x0000000002950000-0x0000000002A8C000-memory.dmp

Filesize
1.2MB

Download
memory/3048-14-0x00000000028A0000-0x00000000029BE000-memory.dmp

Filesize
1.1MB

Download
memory/3048-23-0x00000000032A0000-0x00000000033B9000-memory.dmp

Filesize
1.1MB

Download
memory/3048-20-0x00000000028A0000-0x00000000029BE000-memory.dmp

Filesize
1.1MB

Download
memory/3048-22-0x0000000003190000-0x000000000329F000-memory.dmp

Filesize
1.1MB

Download
memory/3048-21-0x00000000029C0000-0x0000000003185000-memory.dmp

Filesize
7.8MB

Download
memory/3048-18-0x0000000010000000-0x0000000010278000-memory.dmp

Filesize
2.5MB

Download
memory/3048-17-0x00000000028A0000-0x00000000029BE000-memory.dmp

Filesize
1.1MB

Download
memory/3048-15-0x00000000028A0000-0x00000000029BE000-memory.dmp

Filesize
1.1MB

Download
memory/3048-13-0x0000000002760000-0x000000000289C000-memory.dmp

Filesize
1.2MB

Download
memory/3048-8-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/3048-9-0x0000000010000000-0x0000000010278000-memory.dmp

Filesize
2.5MB

Download
memory/3048-55-0x00000000032A0000-0x00000000033B9000-memory.dmp

Filesize
1.1MB

Download
memory/3048-56-0x0000000000110000-0x0000000000122000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing