4c1baefb3e979faa7733ff1269d1909553eb583c9994c93e80207993ab05b414

Analysis

Target

tesetup.exe
Size

8.5MB
MD5

e2117b1bcb242413dac0c2ab781185cf
SHA1

87b125bd59fc9ff51e2b34ce7af0fcb63e4a906b
SHA256

17f049fecfce6461a398d914d6c265d0e0a074fa601310698b436445135b4797
SHA512

abdeb1512b4b4488b6b1c9fb0bfeba3cd5dae3eb3ac25d530497fd7cde4dc1dccd3fbc953afef404234b6c79e1d128b70807a332c54684cf17168b4eaba56362

Score

7^/10

Loads dropped DLL 2 IoCs

Processes:

tesetup.exe

pid process

640 tesetup.exe
640 tesetup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
640	tesetup.exe
640	tesetup.exe

C:\Users\Admin\AppData\Local\Temp\tesetup.exe
"C:\Users\Admin\AppData\Local\Temp\tesetup.exe"
1⤵
- Loads dropped DLL
PID:640

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

\Users\Admin\AppData\Local\Temp\nsm8A55.tmp\System.dll
MD5
0063d48afe5a0cdc02833145667b6641

SHA1
e7eb614805d183ecb1127c62decb1a6be1b4f7a8

SHA256
ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

SHA512
71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsm8A55.tmp\nsDialogs.dll
MD5
6e64e5d5f9498058a300b26b8741d9d5

SHA1
837ce28e5e02788da63a7f1d8f20207d2b0bf523

SHA256
8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33

SHA512
f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e

Download Submit