Analysis

  • max time kernel
    36s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2022 15:50

General

  • Target

    148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe

  • Size

    541KB

  • MD5

    62aa6c852d87f9febef6a2a7a0aecf2a

  • SHA1

    5a41c755e4799ae713d76763af3a35834d4a8bf0

  • SHA256

    148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa

  • SHA512

    cf2a46d767f552536584cb44ea9fd9ebebda7770226134a33a6ac3c4727c4998b3bde77efc4cce5694df4ae85addbdcdf88241d6f31de5dc25965f039f01afa0

  • SSDEEP

    12288:UlcwJJ/ACvLJUEGsNYAzWKGw1LI5veu/C+:85AutesNZcvzC+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe
    "C:\Users\Admin\AppData\Local\Temp\148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe"
    1⤵
    • Loads dropped DLL
    PID:1148

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\nsj5A14.tmp\InstallOptions.dll

    Filesize

    19KB

    MD5

    7e1a72f2ea82c1565e18e62d56e203fb

    SHA1

    deeceba5d4070e13b7cd5eef03ca764f15c4e87b

    SHA256

    ea899ee66986936b995a1c0cff3e29001f5b45d98107ff2300b13f5231382aef

    SHA512

    6ec927fb1df949981622bf3dfdc6b143a2d250145cd99111c2f2a1a79b5c374fc0c17691847fd929902e40e5f8f6f225be14a7d58512d2c8462cb5eda5bc6b8a

  • \Users\Admin\AppData\Local\Temp\nsj5A14.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    95b903c6bcef93bb5132c117f0a93c16

    SHA1

    5dd30514283df153f1a8ae1ce3431fdb80696166

    SHA256

    0d5445207cea6aa1e0672504868e9e1498c6197d7948bc34cc74f05d56d6ea7d

    SHA512

    c704a011d9a08b2e563a86a4ca3aed6070aaa554b869bc902dae5fce779d3773bd69f4f0a84d6954bd30ec3309d702d317d443b1c94b851221a59f68eb159ae6

  • memory/1148-54-0x000007FEFB651000-0x000007FEFB653000-memory.dmp

    Filesize

    8KB