Analysis
-
max time kernel
111s -
max time network
11s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
22-07-2021 02:02
General
-
Target
2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
-
Size
285KB
-
MD5
0a3a5738d94c64e3ce080f672bf577cc
-
SHA1
5ce6fc7a48e795b84bf628c54b9f1d2aad0a6c23
-
SHA256
2daad8278e0ddd4d247303aced4b1d41c75ce94be3a9e0bf9b655c1746ac22d6
-
SHA512
e6f363e65ea024be86543fbdfe7aee2ed868ae3467bd8abd02fb2367180aaa80a8b0a06d0e8238bc87081819e7b1081e18507f17ba294fa8ecf3ec4185dee9ed
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe"C:\Users\Admin\AppData\Local\Temp\2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\nsi961A.tmp\InstallOptions.dllMD5
5f35212d7e90ee622b10be39b09bd270
SHA1c4bc9593902adf6daaef37e456dc6100d50d0925
SHA25631944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d
SHA5127514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0
-
memory/280-60-0x0000000075041000-0x0000000075043000-memory.dmpFilesize
8KB