a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7

Analysis

max time kernel
76s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2022, 06:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe
Size

213KB
MD5

b4dd079e4921e1172e64a90950b32064
SHA1

dddcffa733135d278f24bb7073e2bf8c76bdb16d
SHA256

a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7
SHA512

7e9ca29bfe5cf0f48aa33328bdfd75239ee0a7d159894c49d8b6e11a22cc00f01a9c0d1c778d872b16b41c255206d6aa71c3b672b92915a30feeb6eb1bba392c
SSDEEP

1536:qdSBnQm5QcVqjrkY3e+PuavOYR6CbdZsuuNB5oIVd9/X:RBn/V4oCtuavbwocX

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4936	Un_A.exe

Loads dropped DLL 2 IoCs

pid	Process
4936	Un_A.exe
4936	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4936	5044	a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe	83
PID 5044 wrote to memory of 4936	5044	a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe	83
PID 5044 wrote to memory of 4936	5044	a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe	83

C:\Users\Admin\AppData\Local\Temp\a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe
"C:\Users\Admin\AppData\Local\Temp\a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsf7D34.tmp\System.dll

Filesize
11KB

MD5
24523fe14bb9ba400a3950016b187915

SHA1
6ec152b4e4ac04038d4608a8a206070185116036

SHA256
c4aaf80e3990185eeb5ea56bf841dbf5f3d02269d715f3bfdfe8b54aa797a7b9

SHA512
ae73351d27109187f7c4e312bc30a165202f29d74c65dd0feaee75dab72b97d27c6482b1e95771063afec7e9f2ca03a27a11cd25e39228072b69c33fffef7257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7D34.tmp\nsExec.dll

Filesize
6KB

MD5
1cf768cdc98419962be6449925b56991

SHA1
6f3a40a5e0bc9907eb3d398bc29d15d32f56d557

SHA256
51d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14

SHA512
c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
213KB

MD5
b4dd079e4921e1172e64a90950b32064

SHA1
dddcffa733135d278f24bb7073e2bf8c76bdb16d

SHA256
a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7

SHA512
7e9ca29bfe5cf0f48aa33328bdfd75239ee0a7d159894c49d8b6e11a22cc00f01a9c0d1c778d872b16b41c255206d6aa71c3b672b92915a30feeb6eb1bba392c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
213KB

MD5
b4dd079e4921e1172e64a90950b32064

SHA1
dddcffa733135d278f24bb7073e2bf8c76bdb16d

SHA256
a31ecfcc4ed4a28b39fa161ccf181289a690afb838c5e46266e4719602df36b7

SHA512
7e9ca29bfe5cf0f48aa33328bdfd75239ee0a7d159894c49d8b6e11a22cc00f01a9c0d1c778d872b16b41c255206d6aa71c3b672b92915a30feeb6eb1bba392c

Download Submit