Analysis

  • max time kernel
    37s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2022 15:50

General

  • Target

    2b247f89f132b4674e69a4403e715f7eb951278e77bdb9a9f62605d21b6df2d0.exe

  • Size

    544KB

  • MD5

    04c811dbb1cd5fa75cf421a1cd120c61

  • SHA1

    3e07f85dd20e33121ac57f8c7b4f43276eda502a

  • SHA256

    2b247f89f132b4674e69a4403e715f7eb951278e77bdb9a9f62605d21b6df2d0

  • SHA512

    7d66d132389de918905ef5a135ef90a83e97dfad4677a159f3d39b56f35e4ccf6d40f0a0478e9b8f94446c79a71a9d8f7a6f6a812f5aa35ba8b0cd798e3c72cd

  • SSDEEP

    12288:/hNBUWNS654GrKqbSI4Tss/wQyLLlZCAfRdEN5aq:9UWMxGrxeIcgvlZCAJdEr5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b247f89f132b4674e69a4403e715f7eb951278e77bdb9a9f62605d21b6df2d0.exe
    "C:\Users\Admin\AppData\Local\Temp\2b247f89f132b4674e69a4403e715f7eb951278e77bdb9a9f62605d21b6df2d0.exe"
    1⤵
    • Loads dropped DLL
    PID:1972

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\nsyFD35.tmp\InstallOptions.dll

    Filesize

    19KB

    MD5

    6cea6371a970b2646ff63be4b3f282a9

    SHA1

    3c9f44f5027f988e9b350c003911551b48c8c5cb

    SHA256

    7792ec631895511cb454c8d8ed13754641558878ea615a7fb3dffdec8f9f1b33

    SHA512

    54dcb84901734a405d9c88b2ab81e24972bde995807188b63046721277dcef41cfd6d39b58565b6cecad2442876050f589b9d4ff69f027624546683b90563f97

  • \Users\Admin\AppData\Local\Temp\nsyFD35.tmp\System.dll

    Filesize

    11KB

    MD5

    d543257e01e76a856ef800564a9414df

    SHA1

    28750db391621008f570e1a4d5350219b3cfbba8

    SHA256

    d74149b7c010fb71f8e341e89837f072e29e1c352c2895da4207aa0e440c5423

    SHA512

    9e9bbf15780458c9421ec840dd5e129b5c8f52245a0d748fbab077db60d323dfed38eda3c08ff60aaf95ad32c10608b76b395558ee39623f99ecb5ceb8e64ff4

  • \Users\Admin\AppData\Local\Temp\nsyFD35.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    3200e5e32e04bcd5c6de46c1e9d3f713

    SHA1

    ea00f63a135575dd6f7e122092a75d484f157006

    SHA256

    e8a18f997fa73793d228b34546e2ca723fccec4dc1e2f72b756bd6497c4cb4a1

    SHA512

    e4ef1f14eb898d0466efd741a2a4c64ad0436908817448e0208d77cfbf48a7044cc9c874d50b52e119409134765f3938a0b88ebdce4dbe053e00b2c63c56b8c5

  • memory/1972-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

    Filesize

    8KB