f9508e81f1ac31569646fde9e864e25212457ca62ac768e23fbb95c290950e99

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2022 15:50

Target

148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe
Size

541KB
MD5

62aa6c852d87f9febef6a2a7a0aecf2a
SHA1

5a41c755e4799ae713d76763af3a35834d4a8bf0
SHA256

148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa
SHA512

cf2a46d767f552536584cb44ea9fd9ebebda7770226134a33a6ac3c4727c4998b3bde77efc4cce5694df4ae85addbdcdf88241d6f31de5dc25965f039f01afa0
SSDEEP

12288:UlcwJJ/ACvLJUEGsNYAzWKGw1LI5veu/C+:85AutesNZcvzC+

Score

7^/10

Loads dropped DLL 3 IoCs

Processes:

148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe

pid	process
4668	148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe
4668	148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe
4668	148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe
"C:\Users\Admin\AppData\Local\Temp\148b25ad23097ace1d616a362c65706e63e392133cdda5495aaa3b70e6064ffa.exe"
1⤵
- Loads dropped DLL
PID:4668

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsyAA5F.tmp\InstallOptions.dll

Filesize
19KB

MD5
7e1a72f2ea82c1565e18e62d56e203fb

SHA1
deeceba5d4070e13b7cd5eef03ca764f15c4e87b

SHA256
ea899ee66986936b995a1c0cff3e29001f5b45d98107ff2300b13f5231382aef

SHA512
6ec927fb1df949981622bf3dfdc6b143a2d250145cd99111c2f2a1a79b5c374fc0c17691847fd929902e40e5f8f6f225be14a7d58512d2c8462cb5eda5bc6b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyAA5F.tmp\InstallOptions.dll

Filesize
19KB

MD5
7e1a72f2ea82c1565e18e62d56e203fb

SHA1
deeceba5d4070e13b7cd5eef03ca764f15c4e87b

SHA256
ea899ee66986936b995a1c0cff3e29001f5b45d98107ff2300b13f5231382aef

SHA512
6ec927fb1df949981622bf3dfdc6b143a2d250145cd99111c2f2a1a79b5c374fc0c17691847fd929902e40e5f8f6f225be14a7d58512d2c8462cb5eda5bc6b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyAA5F.tmp\UserInfo.dll

Filesize
4KB

MD5
95b903c6bcef93bb5132c117f0a93c16

SHA1
5dd30514283df153f1a8ae1ce3431fdb80696166

SHA256
0d5445207cea6aa1e0672504868e9e1498c6197d7948bc34cc74f05d56d6ea7d

SHA512
c704a011d9a08b2e563a86a4ca3aed6070aaa554b869bc902dae5fce779d3773bd69f4f0a84d6954bd30ec3309d702d317d443b1c94b851221a59f68eb159ae6

Download Submit