5f7e2c3aca868d28e2321913fee896d84b6e648e9289c2dacecd5bf85f7ee743 | Triage

Analysis

max time kernel
129s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
11/07/2022, 08:08

Sharing

Report Analysis Logs

General

Target

nmbdepch.exe
Size

968KB
MD5

a6e5804f4d6a9a2a823a70ad37db3716
SHA1

f20ce20488fb607162285b0ccac95bc965bf116d
SHA256

5f7e2c3aca868d28e2321913fee896d84b6e648e9289c2dacecd5bf85f7ee743
SHA512

cdea1a027cb63173035c4d0d681ad1bd0c63bb2f0a722d6d5316aaae9e474b2e9d0b21cf7f74388ff348133deab4aab92f431d125db79e8134b98d93c26ba4be

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe
1656	nmbdepch.exe

C:\Users\Admin\AppData\Local\Temp\nmbdepch.exe
"C:\Users\Admin\AppData\Local\Temp\nmbdepch.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-56-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download