31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293

Analysis

max time kernel
198s
max time network
254s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 14:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
Size

5.1MB
MD5

aa653618be05ecd66ce23f8cf24cde55
SHA1

a537c8c312c1c584fe966b97dbe19294a791f76b
SHA256

31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293
SHA512

f9b8c6a2e56fb0bc2444f88a9be13f05e8c43c94858f8b4d70b160ad65ab8ee6f987a8f18f0a283340ec2491f78eb3d8c3e2c2a621a227bd5ad8685bf3f4cdd4
SSDEEP

98304:IdHDZTCQKqnElGX2PHMlvnS9Bxl5DjcaTOsNICAv0Ib1bY30SmMvUJR:WDRdKqnEomElUPdcRs5Avz9YESmMvq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\LinksBar	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\LinksBar\Enabled = "1"	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
220	31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe

C:\Users\Admin\AppData\Local\Temp\31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe
"C:\Users\Admin\AppData\Local\Temp\31af827282c3701c9eec4871005490997c0de68342551af1f77b2e1b78217293.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\Button.dll

Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\Button.dll

Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\EmbedWeb.dll

Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\EmbedWeb.dll

Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\KPTool.dll

Filesize
10KB

MD5
cb06abc67418f1f8310ec8ac47427107

SHA1
3de638b9d215b6b78bea7d3ff7fc7d246f4d1ed2

SHA256
831a5fc0c6050b9879a87fe315dc5c6d9cd161e62138102080760116d9670655

SHA512
68e39bcdfb12dfd570f7b7b19726165b7a7c764c1720e00f907032bb0c9f21a824ee556ab1fd751b95f803b1a34a0195def2a21c4966a1f55449721fb14850b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\KPTool.dll

Filesize
10KB

MD5
cb06abc67418f1f8310ec8ac47427107

SHA1
3de638b9d215b6b78bea7d3ff7fc7d246f4d1ed2

SHA256
831a5fc0c6050b9879a87fe315dc5c6d9cd161e62138102080760116d9670655

SHA512
68e39bcdfb12dfd570f7b7b19726165b7a7c764c1720e00f907032bb0c9f21a824ee556ab1fd751b95f803b1a34a0195def2a21c4966a1f55449721fb14850b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\inetc.dll

Filesize
20KB

MD5
c498ae64b4971132bba676873978de1e

SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27

SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\inetc.dll

Filesize
20KB

MD5
c498ae64b4971132bba676873978de1e

SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27

SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\sndsock.dll

Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy40A0.tmp\sndsock.dll

Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
memory/220-150-0x000000000C941000-0x000000000C944000-memory.dmp

Filesize
12KB

Download
memory/220-153-0x000000000A941000-0x000000000A945000-memory.dmp

Filesize
16KB

Download
memory/220-144-0x000000000C941000-0x000000000C944000-memory.dmp

Filesize
12KB

Download
memory/220-156-0x000000000D1A1000-0x000000000D1A3000-memory.dmp

Filesize
8KB

Download
memory/220-159-0x000000000D1B1000-0x000000000D1B3000-memory.dmp

Filesize
8KB

Download
memory/220-138-0x000000000C931000-0x000000000C933000-memory.dmp

Filesize
8KB

Download
memory/220-135-0x000000000C921000-0x000000000C923000-memory.dmp

Filesize
8KB

Download