Analysis
- max time kernel: 91s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 03-07-2022 10:59
Static task: static1
Behavioral task: behavioral1
- Sample: 39514.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 39514.exe
- Resource: win10v2004-20220414-en
General
- Target: 39514.exe
- Size: 19.9MB
- MD5: 236776adc883fbac2fdaca33f631b73c
- SHA1: 395148e3130ca8ce6974db44a080a39e806e1360
- SHA256: 0d3f91f971da76264ff0e06e0ffa295785718cfc6f3711ce1fe14d0092659a40
- SHA512: 7da575bd1dbff32c864e941778f0397d028c636aca4ebbb0a76ce35fcb099eb16daba3724f42bb8f3290f4bb9624af888eb72ad6fda24a1f67e00d3e9df19ec6
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: 39514.exe (pid 3984, process 39514.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Downloads
- C:\Users\Admin\AppData\Local\Temp\nso9159.tmp\InstallOptions.dll
  Filesize: 15KB
  MD5: 828a94a3b9a080f79e84015b55fce227
  SHA1: c15c615925bb72531ba32194253eefa49edaa93a
  SHA256: 1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2
  SHA512: c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a