3a475de6f16bb3daa8cf63b8a152624ad7bd72fe722ed8d0089591ce84460b6d

Analysis

max time kernel
72s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2022 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f85af76bd91006e0b4dadeed4086dde.exe
Size

6.3MB
MD5

6f85af76bd91006e0b4dadeed4086dde
SHA1

5364d7dbaae70271b32e9aa6d523683633e89a3f
SHA256

3a475de6f16bb3daa8cf63b8a152624ad7bd72fe722ed8d0089591ce84460b6d
SHA512

bf07ff13fde11f13ecd477b2978f4cabe233a83c1a33000b08da96c37d0645dd7e9fbb9ef78af777155fce8771a4392138c3682aa903f0c59d60083abcd73e09
SSDEEP

196608:R0D3tYN3E+IpPXNWRLQIPnS2iQFsz9/kLa66heolXDy:RKC1FIRdWmQSHoiFy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe
5108	6f85af76bd91006e0b4dadeed4086dde.exe

C:\Users\Admin\AppData\Local\Temp\6f85af76bd91006e0b4dadeed4086dde.exe
"C:\Users\Admin\AppData\Local\Temp\6f85af76bd91006e0b4dadeed4086dde.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\ButtonEvent.dll

Filesize
52KB

MD5
406d3a56204a88bb8882dde68835d37d

SHA1
823a2318e15d2f08f66bb86f0c5923f690ea523b

SHA256
e3c69eb5529d4043ae2e71056bf187dbe7c15830cc7e11dd2a28edd498aaa662

SHA512
a764ccf3299f98fb0158f6f4278725b54c9ee2c722c20c6397564a3257c5b68eff36dd960d42905287fec9525eda9f93f3122ff5f213886ceb1ac2e33fb46246

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtNsisMiniExtend.dll

Filesize
1.3MB

MD5
020bd973eb43088ed6eda651bc726842

SHA1
b1763f1517e8483e9d20a786742dd938f7d02b77

SHA256
8ea90564b9602ed47e578179cb34c8321bc3d8adff4aa80bba9a6748657f86de

SHA512
8749965c68a3336bc3884cc8a034a4b5db1353a3c4d3bcdefecdbf4b0ccd4d0094d69a3787607c0c6c75d21c0bf5d45fbc67295518e8f2cdc5246acc9cac37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\KKRtskin.dll

Filesize
895KB

MD5
38b3d22cd859043bd738463bf2ee12c8

SHA1
8208b8c0cadb095c0e3d3893f3db4d4a8fff6851

SHA256
64b2fbd8f8055e298ffbfb39d1e2c3ec2b877af14e4204823e511ba79066f7b9

SHA512
20eb84ac93bdd7324e4bbfb7b95a2e78fe56cb502ddda41ec537417212907e1ed2e1b68614211c5dd13920b4118407743b6f50c95452cbaf842130877a7bfc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst9214.tmp\nsDialogs.dll

Filesize
9KB

MD5
ca95c9da8cef7062813b989ab9486201

SHA1
c555af25df3de51aa18d487d47408d5245dba2d1

SHA256
feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be

SHA512
a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9

Download Submit