5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 18:18

Target

5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102.exe
Size

50KB
MD5

6c89e6db3a642af92600082787b138a0
SHA1

870f41327c2c828c681b069d9ad70f6a17cb6379
SHA256

5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102
SHA512

db085f60c6f0efd679f586b718c3f585cd57b9a02ba761e240d18c479ba8dff0c9b20d20035e610d35326464cabb8fa5f54bab315e427b49163bdffbe9fc3609
SSDEEP

1536:TQpQ5EP0ijnRTXJIVN5cQ8IvCfv30CN8V:TQIURTXJI+Q1vCWV

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1112	5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102.exe
"C:\Users\Admin\AppData\Local\Temp\5f9ca825a0338e4987e6134fc578c7f1f9e2f0bce330ed5c7747b4ba67898102.exe"
1⤵
- Loads dropped DLL
PID:1112

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsd342D.tmp\af431fb2-a8dc-494f-a476-10a7a6611809.dll

Filesize
20KB

MD5
40f49ef596f364293296746cd5035194

SHA1
fc3e2e346876ca94513cd635a98938feb322e300

SHA256
d71ea3c613dd69024494b1efebb37fbe335e3da234b0588c25db24b5cb9e87ba

SHA512
21c6b1b4c1a16a714e99c2080405916c9a9d6f1ff26b151eeb9b14222e54515c78e6717d6aec3ba8b79c760c221b03507c669d7e279d80039246721ed7b97196

Download Submit
memory/1112-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download