edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2022, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
Size

1.7MB
MD5

116845a0bc1d542a6f69c75f015241c8
SHA1

848c4432871c19aaa4f02fde0f38b79b04f64da2
SHA256

edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955
SHA512

0c19baf380e2ce45df3d3b80c6509e23db7987949b60ec1900dc6e6b99ee936936fdc63864e52921bd2305d3e3b844cf0c3c7c2dae2287ce804f42e47921cd9d
SSDEEP

49152:35rk8qq0lcyVlgoRdLbD5Zs9RulvabBsZVbYRKw:3aqroRdLxlibBsZ2RT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4896	edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
4896	edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
4896	edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4896	edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4896	edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe

C:\Users\Admin\AppData\Local\Temp\edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
"C:\Users\Admin\AppData\Local\Temp\edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn8EE9.tmp\BDMSkin.dll

Filesize
1.3MB

MD5
b540a866191f7fd20f5e6355bc2b094e

SHA1
df01a0c011e88a1f860db41d474d3fe893f06082

SHA256
ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6

SHA512
e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn8EE9.tmp\BDMSkin.dll

Filesize
1.3MB

MD5
b540a866191f7fd20f5e6355bc2b094e

SHA1
df01a0c011e88a1f860db41d474d3fe893f06082

SHA256
ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6

SHA512
e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn8EE9.tmp\tmpdhv5xe.dll

Filesize
2.5MB

MD5
2f18f1a6ba6697055490f30b217cde76

SHA1
d9bfcbeb071cfa067a3a9bb8dc32fa32b4f9954b

SHA256
59b13be9b563fabbe3ec1f8d756f3b16f384b9ae3cf2e89d7dbc813461c75645

SHA512
95cfe56d60ba573667bf41111da2ab2a95c1daca3fbcdf175e0b3cf80f8f33b097ff64473e4c1a2504cfab475bf0dbff1f33675e86fcf114463fa4edd10ff362

Download Submit
memory/4896-135-0x0000000003140000-0x0000000003283000-memory.dmp

Filesize
1.3MB

Download