06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512

Analysis

max time kernel
80s
max time network
176s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
Size

898KB
MD5

451a71499a8d57ab05def97f8883a650
SHA1

036a9f5fe8015f248ee1eef6564c9ac867a88b2e
SHA256

06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512
SHA512

accd94f98cff9fdf98072310ceac24d73f8d75b9757e40a1391c0561d25b6275c8eb44269eda699f38d4767259a4a29e654a225a7029b34e8242f0c8fad93172
SSDEEP

12288:ngz0cucpwJaIUzamJukyWtwgnc4iIOYyVJqi0vv7N2UJ1Dp40RjThL34Zte6xYJ5:niUv3W3/tYF0bNFpRnxcA6ZxzpkYoXL

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000b0000000122c2-55.dat	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b0000000122c2-55.dat	upx
behavioral1/memory/1076-56-0x0000000074D90000-0x0000000074D9A000-memory.dmp	upx

Loads dropped DLL 5 IoCs

pid	Process
1076	06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
1076	06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
1076	06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
1076	06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
1076	06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe
"C:\Users\Admin\AppData\Local\Temp\06a103919f4cbb8aaf7e58fd0bc15231849154c08b7a5ad2dca977635a525512.exe"
1⤵
- Loads dropped DLL
PID:1076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsjD2BC.tmp\ButtonEvent.dll

Filesize
4KB

MD5
55788069d3fa4e1daf80f3339fa86fe2

SHA1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

SHA256
d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

SHA512
d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD2BC.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD2BC.tmp\inetc2.dll

Filesize
174KB

MD5
a3c728010404a90823c1629d12d8d3ea

SHA1
711404834facc44477c426d764f5129796018a0e

SHA256
5134f05fcdbaae854606962cfc20ef72774da6bdcc9aec4e9b1d30d19b21effe

SHA512
c5093cee5e1aa81f38de8a5dc0b3396d7d8fc5461fd051b4c921a7244c10dfeac32ab8f6e1ccdda35328cdd3ff605d5a0d0b48f597bcffdda32ec9b0f98f843e

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD2BC.tmp\nsArray.dll

Filesize
6KB

MD5
6206b94f91e92b7f7f72214c438dd414

SHA1
09281ee4a76aa7dce016e7476ce33aa74246a0c6

SHA256
b15de38c9d72eef3c8ac9336c39debb10edc8e4a26bcc32b319f6ae8c9141380

SHA512
502bedef4fe934c74903ea01036fc265b950a8bb4927f6b285926ff53140fa8a78f37bc7e39a8de8ccde0ba6cdf9d0f512379c9fef86ad60192ed4b447c00fd0

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD2BC.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
memory/1076-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1076-56-0x0000000074D90000-0x0000000074D9A000-memory.dmp

Filesize
40KB

Download