Analysis
max time kernel: 108s
max time network: 97s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-06-2022 21:06
Static task: static1
Behavioral task: behavioral1
  Sample: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
  Resource: win10v2004-20220414-en
General
Target: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
Size: 182KB
MD5: ecd9d90bd2695531c62882ccf14184ee
SHA1: bf6f84b7fcb5ca047a16dc45349d967ecdce888c
SHA256: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f
SHA512: 920af48a8d7bd17526921f90c2bb733dfc6d98e68866be5c2d0a09173d3c7f35822d6a85723edc99fe0c7655204bd61ec128f5e5248f175843feb38a1d16a37c
Malware Config
Signatures
- Loads dropped DLL (5 IoCs)
  Processes:
    pid   process
    1668  24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
    1668  24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
    1668  24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
    1668  24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
    1668  24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes:
    description: Key created
      ioc: \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      process: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
    description: Set value (str)
      ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsREG = "C:\\Windows\\Temp\\wowreg32.exe"
      process: 24cf939935dedc5f2abf77799581f6d2689e2e46486d16db23f921f4195c704f.exe
- Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- \Users\Admin\AppData\Local\Temp\nsiF00B.tmp\System.dll
  Filesize: 11KB
  MD5: b8992e497d57001ddf100f9c397fcef5
  SHA1: e26ddf101a2ec5027975d2909306457c6f61cfbd
  SHA256: 98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
  SHA512: 8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
- \Users\Admin\AppData\Local\Temp\nsiF00B.tmp\blowfish.dll
  Filesize: 26KB
  MD5: a0a4fc162c9876660aae6d06008aa0a2
  SHA1: c2bb69b4960660ebf8b8bafcad20a5eeb859a17b
  SHA256: 52b8e1f958fd0a352b7a9192d73a72d1c32711ff1740ded3e80009eb44d48575
  SHA512: 426f2c1cd52b1f0619f85c476f790b30ced912e31740fe7450dab9ed189d840b635e67ab05310269b1534d02be4afd885f952d4a231df6c232bae4313503c4ea
- \Users\Admin\AppData\Local\Temp\nsiF00B.tmp\inetc.dll
  Filesize: 20KB
  MD5: e541458cfe66ef95ffbea40eaaa07289
  SHA1: caec1233f841ee72004231a3027b13cdeb13274c
  SHA256: 3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
  SHA512: 0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c
- memory/1668-54-0x00000000762C1000-0x00000000762C3000-memory.dmp
  Filesize: 8KB