0d3f91f971da76264ff0e06e0ffa295785718cfc6f3711ce1fe14d0092659a40 | Triage

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-07-2022 10:59

Sharing

Report Analysis Logs

General

Target

39514.exe
Size

19.9MB
MD5

236776adc883fbac2fdaca33f631b73c
SHA1

395148e3130ca8ce6974db44a080a39e806e1360
SHA256

0d3f91f971da76264ff0e06e0ffa295785718cfc6f3711ce1fe14d0092659a40
SHA512

7da575bd1dbff32c864e941778f0397d028c636aca4ebbb0a76ce35fcb099eb16daba3724f42bb8f3290f4bb9624af888eb72ad6fda24a1f67e00d3e9df19ec6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

39514.exe

pid process

3984 39514.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\39514.exe
"C:\Users\Admin\AppData\Local\Temp\39514.exe"
1⤵
- Loads dropped DLL
PID:3984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso9159.tmp\InstallOptions.dll
Filesize
15KB

MD5
828a94a3b9a080f79e84015b55fce227

SHA1
c15c615925bb72531ba32194253eefa49edaa93a

SHA256
1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2

SHA512
c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a

Download Submit