8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76

Analysis

max time kernel
154s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2022 22:32

Target

8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76.exe
Size

50KB
MD5

613677fe1527ad444443952bda7e4120
SHA1

d82a06d0e4d8d6392863ef222961c566b0e04202
SHA256

8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76
SHA512

2f6da6a6d48a70856cc3a8e0eb8fcbabd219acb872579a4148e0e1e18d432fbf90b54a76add401c4defa66efabe6bb5c7b14784ecbd64d099aaeaa194b007999
SSDEEP

768:l1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJYPVN53aJQh2I4aCn39ZYlYQ+PUx:TQpQ5EP0ijnRTXJIVN5cQ8IvCntsUq

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2108	8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76.exe
"C:\Users\Admin\AppData\Local\Temp\8825be65d42fe9b5f68e012be47bb7f82bb3bd1dfe8970e7aaf032ee0d98fa76.exe"
1⤵
- Loads dropped DLL
PID:2108

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsxC163.tmp\e3e27124-b80e-4dea-98e8-e4ff575e6e8c.dll

Filesize
20KB

MD5
9709e232c923daabdf641d06e3fa6411

SHA1
3c8efd6f9bb4296b6f3aa14fe49bd07d432ee99c

SHA256
959218b780fd849a891b36868f025404e408151c101f9c8a06b469b8daa69590

SHA512
845dec0ea572de69bc76a285a86d417a233add8342329d8b7ab6707c7dbc2f4dde466d6a8f2e79aaeaf4bdfda06be633908707e734ab30ff22c4c9f1e4496ef7

Download Submit