Overview

overview

8

Static

static

25b3cead20...7a.exe

windows7-x64

8

25b3cead20...7a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2022, 07:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe

  • Size

    1.4MB

  • MD5

    4fd64491a0f896cb68a183535e7c5903

  • SHA1

    cb612a594c568d57afa779a9b915c356a014d4c3

  • SHA256

    25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a

  • SHA512

    d00328bcf8f0c174262f8dda53e6567b1a2cffbafb7a6ef26812987c3fd06adbd23d6e2f6424c7f6c1cb03f50c24de641cbf39ba97b4f39664160e6d900ccd90

  • SSDEEP

    24576:vk+G/DQsO70QJOX6UztBru1EgzMC2Qt53VLxOCFUBow1B12ZzsaeH:mQ87uEE5T3xkxoOYZzi

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe
    "C:\Users\Admin\AppData\Local\Temp\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Users\Admin\AppData\Local\Temp\ACCMT\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe
      "C:\Users\Admin\AppData\Local\Temp\ACCMT\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe" /UnInstall C:\Users\Admin\AppData\Local\Temp
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ACCMT\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe
    Filesize

    1.4MB

    MD5

    4fd64491a0f896cb68a183535e7c5903

    SHA1

    cb612a594c568d57afa779a9b915c356a014d4c3

    SHA256

    25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a

    SHA512

    d00328bcf8f0c174262f8dda53e6567b1a2cffbafb7a6ef26812987c3fd06adbd23d6e2f6424c7f6c1cb03f50c24de641cbf39ba97b4f39664160e6d900ccd90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ACCMT\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe
    Filesize

    1.4MB

    MD5

    4fd64491a0f896cb68a183535e7c5903

    SHA1

    cb612a594c568d57afa779a9b915c356a014d4c3

    SHA256

    25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a

    SHA512

    d00328bcf8f0c174262f8dda53e6567b1a2cffbafb7a6ef26812987c3fd06adbd23d6e2f6424c7f6c1cb03f50c24de641cbf39ba97b4f39664160e6d900ccd90

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ACCMT\25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a.exe
    Filesize

    1.4MB

    MD5

    4fd64491a0f896cb68a183535e7c5903

    SHA1

    cb612a594c568d57afa779a9b915c356a014d4c3

    SHA256

    25b3cead2048079520e49392ded83c331db8f2a3540b0cbee91a9b0201de727a

    SHA512

    d00328bcf8f0c174262f8dda53e6567b1a2cffbafb7a6ef26812987c3fd06adbd23d6e2f6424c7f6c1cb03f50c24de641cbf39ba97b4f39664160e6d900ccd90

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9E2.tmp\System.dll
    Filesize

    12KB

    MD5

    a45e5779dd7b2342789330729c11691f

    SHA1

    a7a6807b3ee5afcb6f14898d5d4abf2d58fabd44

    SHA256

    ffdec0fdffeda61f4074a9245ba5c425e6ed2a6ecbbfe07c593d14bcf6ce007b

    SHA512

    e17c9dbade785f2d7c62408ba083aa59b8ebe8b60c0c30bc2c0231423d560535c3bef9fd48fd288d1419d4cdbf05cd439d086dd4caef277c37bb4d9fbc60fc3f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9E2.tmp\nsSkinEngine.dll
    Filesize

    646KB

    MD5

    e460a42c2c4abc7437f6a3b8a472b850

    SHA1

    24bc25f622e0b3e69c35e131f9e05cd0c678661b

    SHA256

    e94b7f35b62eb4c6360371b836251265ff6cfb7ee077afb884d860f7d76d5a05

    SHA512

    cc36225c3c7011674babb60f62de044646fb33f0d55388d17eaffa9d1f25644af955825b9a63b7dc08a31369c5ecec2a5b1721e29fe4ea211cd046e98f532a2b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9E2.tmp\nsUtils.dll
    Filesize

    166KB

    MD5

    f94ced0f40a82f6828e498377230f041

    SHA1

    bc926b0a2344a82ee6262bfbfe12c54eca6db31a

    SHA256

    7339d2fdfc5d9fa055c8b932c708104a7bf055154062107d51e55da412a49d7e

    SHA512

    31ae5ed3886be569ad9daa1df958228a11d147b09a9f6bfa4193ab13f8be619dc03c46bcaa6e7d5df2f7d9594b55eb7287f43f48d4ef5d03c1648f126c23f631

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy791.tmp\System.dll
    Filesize

    12KB

    MD5

    a45e5779dd7b2342789330729c11691f

    SHA1

    a7a6807b3ee5afcb6f14898d5d4abf2d58fabd44

    SHA256

    ffdec0fdffeda61f4074a9245ba5c425e6ed2a6ecbbfe07c593d14bcf6ce007b

    SHA512

    e17c9dbade785f2d7c62408ba083aa59b8ebe8b60c0c30bc2c0231423d560535c3bef9fd48fd288d1419d4cdbf05cd439d086dd4caef277c37bb4d9fbc60fc3f

    Download Submit

  • memory/992-63-0x0000000074481000-0x0000000074483000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1048-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.