Analysis
max time kernel
11s
max time network
135s
platform
windows10_x64
resource
win10v20210410
submitted
22-07-2021 01:21
Static task
static1
Behavioral task
behavioral1
Sample
2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
Resource
win10v20210410
General
Target
2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
Size
285KB
MD5
0a3a5738d94c64e3ce080f672bf577cc
SHA1
5ce6fc7a48e795b84bf628c54b9f1d2aad0a6c23
SHA256
2daad8278e0ddd4d247303aced4b1d41c75ce94be3a9e0bf9b655c1746ac22d6
SHA512
e6f363e65ea024be86543fbdfe7aee2ed868ae3467bd8abd02fb2367180aaa80a8b0a06d0e8238bc87081819e7b1081e18507f17ba294fa8ecf3ec4185dee9ed
Malware Config
Signatures
Loads dropped DLL 1 IoCs
Processes:
2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
pid process
2228 2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
\Users\Admin\AppData\Local\Temp\nso5C70.tmp\InstallOptions.dll
MD5
5f35212d7e90ee622b10be39b09bd270
SHA1
c4bc9593902adf6daaef37e456dc6100d50d0925
SHA256
31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d
SHA512
7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0