34e1f26fd65175ff58aa68cca0097e0206669a72715a502e20c5fb218b95dcd3 | Triage

Analysis

max time kernel
75s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2022 11:01

Sharing

Report Analysis Logs

General

Target

Capitalism_Lab_Installer.exe
Size

236.5MB
MD5

e48861934da06b3edb02b330ebc2b202
SHA1

db7296bc29beb178ee847e4f89d99f0819d7059c
SHA256

34e1f26fd65175ff58aa68cca0097e0206669a72715a502e20c5fb218b95dcd3
SHA512

ab35ddd182eaf854e225909b9b753195af5029cfa7f63b64e0c1e753f80b6b47b6674531cab04b5d0d881e7b0fd8f51b0e7e01e9269cdad3337fe554d46dbc84
SSDEEP

6291456:5ZvnhKKaCbzWPAxr8TDwTInH44/+ofXu3m3:/vhkAxrotY4/+ofXu23

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4860	Capitalism_Lab_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Capitalism_Lab_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Capitalism_Lab_Installer.exe"
1⤵
- Loads dropped DLL
PID:4860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsv95CD.tmp\InstallOptions.dll

Filesize
14KB

MD5
eee2912bd1ee421cf1f1dfb1cc327d97

SHA1
c5d3741ddb195718c9b17923eb6abfb7a732bdc1

SHA256
e560384c5298ee2123e8340e716b2c4680f51b4d0347995ba3290dbd1130c6c0

SHA512
1808a068386c790d8ad5096d9fededcfa6e5688e3a68f2499418456c9cafd7b837c811298e6570212155b4a3d6038c1749cfcd9d1b86f090f66d1a5301adecb2

Download Submit