Analysis

  • max time kernel: 4294088s (not a plausible run length for a sandbox; likely a timer/counter artifact in the report)
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20220310-en
  • submitted: 06-04-2022 18:55

General

  • Target: 5EC916692459E93949544DB39FDCE71B.exe
  • Size: 2.3MB
  • MD5: 5ec916692459e93949544db39fdce71b
  • SHA1: 6b367f296b8d35693dc7b3376c10afc1aa356d1c
  • SHA256: 6f1ed485d1206bb2d0a1b5e6246a0a7740dabe66bf79e4ab26f82c74f90b23da
  • SHA512: 9e851d67ffc54cf1fb9e2a06988662e082eb76c658dc9928a45f793bddd8ad90e9ddaec211f8334fb0b63e10acede8b38190463126f44affa65660e100bdc6cf

Score
7/10

Malware Config

No malware configuration was extracted.

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox labels this as likely ransomware behaviour, but drive enumeration (for example, checking drive types before choosing an install location) is also common in benign installers, so this signature on its own is weak evidence. Note that the two dropped DLLs listed below, InstallOptions.dll and UserInfo.dll, are plugins that ship with NSIS, and nst88D0.tmp follows the naming pattern of the NSIS plugin temp directory ($PLUGINSDIR); the sample is therefore consistent with an NSIS-built installer, and the 7/10 score should be read with that in mind rather than as a verdict.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5EC916692459E93949544DB39FDCE71B.exe (PID 1636)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5EC916692459E93949544DB39FDCE71B.exe"
    Signatures: Loads dropped DLL

Network

No network activity was recorded.

MITRE ATT&CK Enterprise v6

No techniques are listed in this section of the report.

Downloads

  • \Users\Admin\AppData\Local\Temp\nst88D0.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 8d5a5529462a9ba1ac068ee0502578c7
    SHA1: 875e651e302ce0bfc8893f341cf19171fee25ea5
    SHA256: e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790
    SHA512: 101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

  • \Users\Admin\AppData\Local\Temp\nst88D0.tmp\UserInfo.dll
    Filesize: 4KB
    MD5: dada3e1836af78d5b24499da252d01e4
    SHA1: d2a1c25405e3c74973cf18dec2c7138df9e96a83
    SHA256: 0073337816509851476c2cc154f471a3e3a1a2806b97c363870acc09a30a5ed7
    SHA512: f8bda8413dadb00a644341da5e076f203a3134daaefd2961fa0341f5a533eee28582ce9872354ead698bb1275ee7726fa574267e909a3e2f977908392e7a5c66

  • memory/1636-54-0x0000000076141000-0x0000000076143000-memory.dmp
    Filesize: 8KB
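The listing above is what an analyst gets handed for triage, and the first questions are mechanical: are the digests well-formed, which dropped files sit in the NSIS plugin directory, and which of those are plugins NSIS ships with versus something the installer author added. The script below is an added example, not code from the sandbox or from the sample's author. It parses the report's flat layout (both the bare-label form and a "Label: value" form), validates digest lengths, and buckets each dropped file. The NSIS $PLUGINSDIR naming pattern (ns + one letter + four hex digits + .tmp) and the list of bundled plugin DLLs come from general knowledge of NSIS, not from this report, and are marked as assumptions in the code; the sample input is constructed from the three records above.

```python
"""Triage helper for a sandbox "dropped files" listing (added example)."""
import hashlib
import re
from dataclasses import dataclass, field

# Expected hex-digest lengths; used to catch truncated or mangled hashes.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# A label line, either bare ("MD5") or inline ("MD5: <hex>").
LABEL_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)(?::\s*(.*))?$")

# Assumption: NSIS unpacks plugins to %TEMP%\ns<letter><4 hex>.tmp
# ($PLUGINSDIR); nst88D0.tmp in the report fits this pattern.
NSIS_PLUGIN_DIR = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.I)

# Assumption: plugin DLLs that ship with the NSIS distribution (lower-cased).
# One of these in $PLUGINSDIR is ordinary installer behaviour; a DLL that is
# NOT on this list is the one worth unpacking and reading.
NSIS_BUNDLED_PLUGINS = {
    "installoptions.dll", "userinfo.dll", "nsexec.dll", "system.dll",
    "nsdialogs.dll", "startmenu.dll", "splash.dll", "banner.dll",
    "math.dll", "typelib.dll", "nsisdl.dll", "langdll.dll", "vpatch.dll",
}

# Constructed sample input: the three records from the Downloads section,
# deliberately mixing the two layouts the parser accepts.
REPORT_FILES = r"""
  • \Users\Admin\AppData\Local\Temp\nst88D0.tmp\InstallOptions.dll
    Filesize
    14KB
    MD5
    8d5a5529462a9ba1ac068ee0502578c7
    SHA1
    875e651e302ce0bfc8893f341cf19171fee25ea5
    SHA256
    e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790
  • \Users\Admin\AppData\Local\Temp\nst88D0.tmp\UserInfo.dll
    Filesize: 4KB
    MD5: dada3e1836af78d5b24499da252d01e4
    SHA1: d2a1c25405e3c74973cf18dec2c7138df9e96a83
    SHA256: 0073337816509851476c2cc154f471a3e3a1a2806b97c363870acc09a30a5ed7
  • memory/1636-54-0x0000000076141000-0x0000000076143000-memory.dmp
    Filesize
    8KB
"""


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)


def _store(records, label, value):
    """Attach a parsed label/value pair to the most recent record."""
    if not records:
        return
    if label == "Filesize":
        records[-1].size = value
    else:
        records[-1].hashes[label] = value.lower()


def parse_files(text):
    """Parse the report listing into DroppedFile records."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):            # a new record starts with its path
            records.append(DroppedFile(path=line[1:].strip()))
            pending = None
            continue
        m = LABEL_RE.match(line)
        if m:
            label, value = m.group(1), m.group(2)
            if value:                         # "Label: value" on one line
                _store(records, label, value)
                pending = None
            else:                             # bare label; value on next line
                pending = label
        elif pending:
            _store(records, pending, line)
            pending = None
    return records


def check_hashes(rec):
    """Return a list of problems with the record's digests (empty = OK)."""
    problems = []
    for algo, digest in rec.hashes.items():
        if len(digest) != HASH_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            problems.append(f"{algo} malformed: {digest}")
    return problems


def classify(rec):
    """Bucket a record: memory dump, NSIS-bundled plugin, unknown DLL in
    $PLUGINSDIR (the case worth a closer look), or anything else."""
    if rec.path.startswith("memory/"):
        return "memory-dump"
    if NSIS_PLUGIN_DIR.search(rec.path):
        name = rec.path.rsplit("\\", 1)[-1].lower()
        return "nsis-bundled-plugin" if name in NSIS_BUNDLED_PLUGINS else "nsis-plugindir-unknown"
    return "other"


def file_digests(path):
    """Hash a local copy of a dropped file so it can be matched to the report
    (only useful when you actually have the sample; not exercised here)."""
    hashers = {algo: hashlib.new(algo.lower()) for algo in HASH_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(rec, digests):
    """True if every digest the report lists agrees with the computed ones."""
    return all(digests.get(algo) == d for algo, d in rec.hashes.items())


if __name__ == "__main__":
    for rec in parse_files(REPORT_FILES):
        print(f"{classify(rec):24} {rec.size:>5} {rec.path}")
        for problem in check_hashes(rec):
            print("   !", problem)
```

Run against the listing above, both DLLs classify as NSIS-bundled plugins and the memory dump is set aside; a DLL with any other name under nst88D0.tmp would land in the "nsis-plugindir-unknown" bucket, which is the file to extract from the installer and inspect first. To confirm a local copy is the same sample, pass its path to `file_digests` and compare with `matches_report`.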