898cdd3ef5fd201e8feb3d7ee2de01d035d807976b59693b4cf8aacf819b96db

Analysis

max time kernel
9s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

898cdd3ef5fd201e8feb3d7ee2de01d035d807976b59693b4cf8aacf819b96db.exe
Size

55KB
MD5

0bedfffadc313a719299d141024b33f6
SHA1

0e1d4955e1ba0d73771d1f531cb9f1921a8c258a
SHA256

898cdd3ef5fd201e8feb3d7ee2de01d035d807976b59693b4cf8aacf819b96db
SHA512

0777dc43552fcea8138f21faf7a2d16792b1927220cfb68d34a98e7429d6b29c18962647f2baed6edc7713aae817227b8fa11562031b92b7624ecb562d7bf816
SSDEEP

1536:IpgpHzb9dZVX9fHMvG0D3XJ3VomcrspFIf:+gXdZt9P6D3XJ3Gr+c

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x0006000000022e47-135.dat	nsis_installer_2

C:\Users\Admin\AppData\Local\Temp\898cdd3ef5fd201e8feb3d7ee2de01d035d807976b59693b4cf8aacf819b96db.exe
"C:\Users\Admin\AppData\Local\Temp\898cdd3ef5fd201e8feb3d7ee2de01d035d807976b59693b4cf8aacf819b96db.exe"
1⤵
PID:5076
- C:\Users\Admin\AppData\Local\Temp\nsoAC43.tmp\EasySpeedPC.exe
  "C:\Users\Admin\AppData\Local\Temp\nsoAC43.tmp\EasySpeedPC.exe"
  2⤵
  PID:3944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsfBA8C.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoAC43.tmp\EasySpeedPC.exe

Filesize
29KB

MD5
e8349a358d2ec11532a48cd38a841686

SHA1
fb8d99bdc8750269535caac8fb3cf43d26713828

SHA256
ae86f6f04e7720dc8c35c622f3f0eb1e8cf21955cfabe04b6d18da28c4fe2028

SHA512
6594d5f4a5ec8f86d7e00ab8570fd2a71cc18a1d2ee891e20d7847f43d55576d52e2dbf295056da58faeeb8fd4a7fe379963f9521b6ca4a281dbece43ae897a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoAC43.tmp\EasySpeedPC.exe

Filesize
42KB

MD5
46fdee17f95dde354bffe863e339d683

SHA1
bb18cf2d879adeaec5375f60322e723548e7cc33

SHA256
59c62dade8918b079619130dac679ca0d96de72c785d616fb7d70d57f9f04530

SHA512
d213bded9ae7f270128b366e914025936d55e67bf5b2ca0013ae671c350c5eff61c80b7296ec911e204418dbe7d5e3cc9e3317dc387832f955c81ebb93814d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoAC43.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit