1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c

Analysis

Target

NETSETUPSVC.DLL
Size

313KB
MD5

35abfb98dac5bf48f7ac0e67afc9bdb7
SHA1

9185029c2630b220a74620c8f3d04886a457e1cf
SHA256

1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c
SHA512

93f1336e3bc7ac01561f0ad7ce5fec7ae078e55db0f5b0cf0663cb5dbbe2acb08f27490da179e27579debc04843bf02f047456c516bf0345ba827e0efe85149a

Score

5^/10

ransomware

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
ransomware

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
744	cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NETSETUPSVC.DLL
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:744

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/744-2-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

Filesize
8KB

Download
memory/744-3-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download