9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 22:27

Target

9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04.exe
Size

51KB
MD5

6af784d3ce47552d55476c900e19bff0
SHA1

fbdd6b550451361f5812c145f2c42fb5ac9019fd
SHA256

9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04
SHA512

dcfa31cb99f99f8db2d0c11b1df9fab99c1e25627747c5091c0a78092163bc9ddbeb2c99353dbe32813be1628ed51726c22cc9a285b6bef0d771a43458f55dad
SSDEEP

1536:TQpQ5EP0ijnRTXJIVN5cQ8IvCstP+/7zQXD:TQIURTXJI+Q1vCo+/7OD

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1816	9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04.exe
"C:\Users\Admin\AppData\Local\Temp\9771d777c07e67f7d69791345a89a5e778c9612e7f3d2e1092988b03ee13fc04.exe"
1⤵
- Loads dropped DLL
PID:1816

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsc9AD0.tmp\e8342757-c1b9-44e9-897f-7e9773feedf6.dll

Filesize
20KB

MD5
e3b3d0b266ebc36829eaead469a0c9ca

SHA1
1fd63b2e3b1e53cc5facfb499898e469000832e6

SHA256
74e087aca59124ea0aa900a69518f4c9931c7b670f4a3ecc1d211de7407f0e4b

SHA512
ede2099311979b151238bc1aa440edf7e979c9a768405c247e47cfc7c65c59509593582ae2cead7f4b7f1d694365c4558483149f781d11c90a6829ef049f5abe

Download Submit