Analysis

  • max time kernel
    15s
  • max time network
    21s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-10-2022 09:44

General

  • Target

    25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585.exe

  • Size

    3.6MB

  • MD5

    21ae834bdd5b89bacacca4d51cf82148

  • SHA1

    601d1d2751a2af976556b6cfa84201b76003cff5

  • SHA256

    25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585

  • SHA512

    1e29739482431972865a2ceac2404cccea7c5bc5d1257dcfefcd9e9d2a16820bad8dad79d0c88192170c83a84fea8e0900bc38764b313dbb66d4f4aefd5ccde8

  • SSDEEP

    98304:c4cVYH4QXqDLusX30tPoOvE7CcJaDcUkXaluXvdPzJ:oWH4LXeRoZ7CcPUQXvdPzJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585.exe
    "C:\Users\Admin\AppData\Local\Temp\25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585.exe"
    1⤵
    • Loads dropped DLL
    PID:728
    • C:\Users\Admin\AppData\Roaming\Microsoft\up.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\up.exe"
      2⤵
        PID:3952

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsiA8C9.tmp\ExecDos.dll

      Filesize

      5KB

      MD5

      a7cd6206240484c8436c66afb12bdfbf

      SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

      SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

      SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    • C:\Users\Admin\AppData\Local\Temp\nsiA8C9.tmp\System.dll

      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f