0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
Size

50KB
MD5

4315bbdabea22c554214a2b1cc31a992
SHA1

01148c761a81be9a73f986a370cb5976de598e59
SHA256

0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a
SHA512

53ae73ca1d826e39e8f396257cf0451140d4020a1adcf1b0a84f0dd456b5264e3d27e25331c9be66fad40b89fee8dd2c266ce2f8092ffb4b1627ef3793c08104
SSDEEP

1536:siZU91Rzv4f/+LHgmpoM4sXJcCx5n36YbijdtVY:siezvrL9oMXJxxB644ds

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1060	0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
1060	0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
1060	0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
1060	0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
1060	0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe
"C:\Users\Admin\AppData\Local\Temp\0156d78e444e9f333160a618f44b3caa91c9c6b11798e034d8b5da8f9b75b59a.exe"
1⤵
- Loads dropped DLL
PID:1060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst1F6.tmp\inetc2.dll

Filesize
24KB

MD5
feddc5e9d458ff68c687c88a240d3561

SHA1
4be09ff48f3b17b728d7e7517a7f8a7a40dc16b6

SHA256
1c0afced19cc188118dfdbf0e82a0c87d2079753411a0c7743b04edb2c87bdde

SHA512
a83ef5a7a2084980c627459e8987349df4e651cf3806690a7b382b4c23ec33d306201907bc98ed2e93303ac313bb5ba6971970cc6e8279615b0b0d13023b9a10

Download Submit
\Users\Admin\AppData\Local\Temp\nst1F6.tmp\inetc2.dll

Filesize
24KB

MD5
feddc5e9d458ff68c687c88a240d3561

SHA1
4be09ff48f3b17b728d7e7517a7f8a7a40dc16b6

SHA256
1c0afced19cc188118dfdbf0e82a0c87d2079753411a0c7743b04edb2c87bdde

SHA512
a83ef5a7a2084980c627459e8987349df4e651cf3806690a7b382b4c23ec33d306201907bc98ed2e93303ac313bb5ba6971970cc6e8279615b0b0d13023b9a10

Download Submit
\Users\Admin\AppData\Local\Temp\nst1F6.tmp\inetc2.dll

Filesize
24KB

MD5
feddc5e9d458ff68c687c88a240d3561

SHA1
4be09ff48f3b17b728d7e7517a7f8a7a40dc16b6

SHA256
1c0afced19cc188118dfdbf0e82a0c87d2079753411a0c7743b04edb2c87bdde

SHA512
a83ef5a7a2084980c627459e8987349df4e651cf3806690a7b382b4c23ec33d306201907bc98ed2e93303ac313bb5ba6971970cc6e8279615b0b0d13023b9a10

Download Submit
\Users\Admin\AppData\Local\Temp\nst1F6.tmp\inetc2.dll

Filesize
24KB

MD5
feddc5e9d458ff68c687c88a240d3561

SHA1
4be09ff48f3b17b728d7e7517a7f8a7a40dc16b6

SHA256
1c0afced19cc188118dfdbf0e82a0c87d2079753411a0c7743b04edb2c87bdde

SHA512
a83ef5a7a2084980c627459e8987349df4e651cf3806690a7b382b4c23ec33d306201907bc98ed2e93303ac313bb5ba6971970cc6e8279615b0b0d13023b9a10

Download Submit
\Users\Admin\AppData\Local\Temp\nst1F6.tmp\inetc2.dll

Filesize
24KB

MD5
feddc5e9d458ff68c687c88a240d3561

SHA1
4be09ff48f3b17b728d7e7517a7f8a7a40dc16b6

SHA256
1c0afced19cc188118dfdbf0e82a0c87d2079753411a0c7743b04edb2c87bdde

SHA512
a83ef5a7a2084980c627459e8987349df4e651cf3806690a7b382b4c23ec33d306201907bc98ed2e93303ac313bb5ba6971970cc6e8279615b0b0d13023b9a10

Download Submit
memory/1060-54-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download