Analysis

  • max time kernel
    17s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/10/2022, 02:21

General

  • Target

    7899990cc67fa9e93bc4010fdd854d3e4ea1555d7ad0e1ba323c2ff4f5342d9b.exe

  • Size

    108KB

  • MD5

    5a257c18b77661fdcd99843e896465db

  • SHA1

    217c2a2e5f4f6f1adf13b201381a8c46c069d93f

  • SHA256

    7899990cc67fa9e93bc4010fdd854d3e4ea1555d7ad0e1ba323c2ff4f5342d9b

  • SHA512

    23730ec79fb9f098f374a6f1436cde30175727f2e77ff3cc11dbe663d33118e0fe6c266b2a928237868fd690d667d9f2816cbe4eb7c88ba493a679eba5f85524

  • SSDEEP

    1536:TI0BJ1U34+QsKPlqmw3sSx2bPnJ4Romu/THsg0SMjknO3f2xvnozWuuFT6Xmr:PKL0xw3sSx2bPnJ45GGKnO3fYoquuBz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox rates this as likely ransomware behaviour, but drive enumeration is also routine in ordinary installers, and the dropped NSISdl.dll is the NSIS download plugin, which points to an NSIS-built installer. On its own this signature is weak evidence; weigh it together with the network activity and the dropped files.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7899990cc67fa9e93bc4010fdd854d3e4ea1555d7ad0e1ba323c2ff4f5342d9b.exe
    "C:\Users\Admin\AppData\Local\Temp\7899990cc67fa9e93bc4010fdd854d3e4ea1555d7ad0e1ba323c2ff4f5342d9b.exe"
    1⤵
    • Loads dropped DLL
    PID:864

Network

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\nsj407C.tmp\NSISdl.dll

    Filesize

    15KB

    MD5

    7caaf58a526da33c24cbe122e7839693

    SHA1

    7687112cb6593947226f8a8319d6e2d0cdef3b11

    SHA256

    19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

    SHA512

    aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

  • \Users\Admin\AppData\Local\Temp\nsj407C.tmp\NSISdl.dll

    Filesize

    13KB

    MD5

    e167f555cac98f3d0cb754875a4286dd

    SHA1

    1a06f9a3c2c185ed78f421e418ef0137631ef723

    SHA256

    f3cbac232afa9cee057444d81bf78a212bbe7672c071c85b8a8c71ca0ffea58b

    SHA512

    727eee967fda5688a4fba795980d2c99e6b23728bc1986c6b4de3297ca61e868656e29e4f8e87739c2197028d755d30486c7510c2c35971f2c52737921f930a7

  • \Users\Admin\AppData\Local\Temp\nsj407C.tmp\NSISdl.dll

    Filesize

    15KB

    MD5

    7caaf58a526da33c24cbe122e7839693

    SHA1

    7687112cb6593947226f8a8319d6e2d0cdef3b11

    SHA256

    19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

    SHA512

    aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

  • memory/864-54-0x0000000076261000-0x0000000076263000-memory.dmp

    Filesize

    8KB
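The hash table above is the part of this report that is directly usable on a host: sweep for the listed SHA256 values and for the NSIS plugin temp-directory pattern (an ns????.tmp directory under %TEMP%) that the dropped DLL was written to. The script below is an added example written for this page, not tooling from the sandbox or code from the sample. The IOC hashes are copied from the report; the ns<letter><4 hex>.tmp pattern is an assumption generalised from the single reported name nsj407C.tmp; and the directory tree it builds for the demo is constructed.

```python
"""IOC sweep built from the sandbox report above (added example, not vendor code).

Hashes every file under a directory tree, reports exact matches against the
SHA256 values taken from the report, and flags paths inside an NSIS-style
plugin temp directory. The demo tree it creates is constructed for this page.
"""
import hashlib
import os
import re
import tempfile

# SHA256 values copied from the report: the submitted installer and the two
# NSISdl.dll variants it wrote to the NSIS plugin temp directory.
REPORT_SHA256 = {
    "7899990cc67fa9e93bc4010fdd854d3e4ea1555d7ad0e1ba323c2ff4f5342d9b": "submitted .exe",
    "19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61": "NSISdl.dll (15KB)",
    "f3cbac232afa9cee057444d81bf78a212bbe7672c071c85b8a8c71ca0ffea58b": "NSISdl.dll (13KB)",
}

# NSIS extracts plugins to %TEMP%\ns<letter><4 hex>.tmp\ (the report shows
# nsj407C.tmp). The character classes here are an assumption drawn from that
# one name; widen them if your own telemetry shows other forms.
NSIS_PLUGIN_DIR = re.compile(r"[\\/]ns[A-Za-z][0-9A-Fa-f]{4}\.tmp[\\/]")


def file_hashes(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256/sha512 of a file, reading it once in chunks."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_nsis_plugin_dir(path):
    """True when the path sits inside an NSIS-style ns????.tmp directory."""
    return NSIS_PLUGIN_DIR.search(path) is not None


def classify(sha256_hex, path):
    """Exact IOC hash match first; the path pattern is a weaker, secondary signal."""
    label = REPORT_SHA256.get(sha256_hex.lower())
    if label:
        return "ioc:" + label
    if is_nsis_plugin_dir(path):
        return "suspect:nsis-plugin-dir"
    return None


def sweep(root):
    """Walk root, hash every regular file, and return one finding per file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue
            hashes = file_hashes(full)
            findings.append({
                "path": full,
                "hashes": hashes,
                "verdict": classify(hashes["sha256"], full),
            })
    return findings


def build_demo_tree():
    """Construct a throwaway tree: one benign file plus an NSIS-style plugin dir."""
    root = tempfile.mkdtemp(prefix="ioc-sweep-")
    plugin_dir = os.path.join(root, "Temp", "nsa1B2C.tmp")  # constructed name
    os.makedirs(plugin_dir)
    with open(os.path.join(root, "Temp", "readme.txt"), "wb") as fh:
        fh.write(b"abc")  # constructed content
    with open(os.path.join(plugin_dir, "NSISdl.dll"), "wb") as fh:
        fh.write(b"")  # empty stand-in, not the real plugin
    return root


if __name__ == "__main__":
    for finding in sweep(build_demo_tree()):
        print(finding["verdict"] or "clean", finding["hashes"]["sha256"], finding["path"])
```

Run it as-is to sweep the constructed tree; point sweep() at a real %TEMP% or a mounted image to apply the report's hashes. NSISdl.dll is the NSIS download plugin and is dropped by many benign NSIS installers, so treat plugin-directory and plugin-hash hits as triage leads and the installer's own SHA256 as the confirming indicator.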