e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25

Analysis

max time kernel
37s
max time network
135s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
Size

4.8MB
MD5

6c40d3b83a65fd12715911ebecfd4ef8
SHA1

775c0ee43bf7ac92c8a43a3017e1a32e67a36b72
SHA256

e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25
SHA512

843259c5d49050f48d1daa9062625a1461e3d4a7dd5b8b6186a69407afd9bdb5e02ae6719992416663286cfe12e0c9894f3ef58a48a72498a5c243359ba3d743
SSDEEP

98304:bd3HFmTXTxTtDL7NzVxsPOkM/pbpwt6J2bgBRhUWNtjnN7PoL8uP:1HFmr/TJsC/B+t6caKWbjN7mP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
912	e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe

C:\Users\Admin\AppData\Local\Temp\e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe
"C:\Users\Admin\AppData\Local\Temp\e1253d3b4379ba4b67c4273f8a318affa77d67f3814b93cf328bf325f3a22d25.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nst9C23.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\KPTool.dll

Filesize
15KB

MD5
1c181ef028d0a6cd9256882150461731

SHA1
7296de036832e54625c39302e64d7e0718da5a88

SHA256
57f9c9a9f0d8d239975671728cee34cfcb90cffc54917c8439229bdf73681112

SHA512
fd6a11a4ad370d16342a7e37e92783d7f7e8adf8f650245fa9807d5b69b09bc7084ef4da230e6a603ade59d8e5fc3d58d10ea2a430233dc7351945bd9e6496cb

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
\Users\Admin\AppData\Local\Temp\nst9C23.tmp\inetc.dll

Filesize
20KB

MD5
c498ae64b4971132bba676873978de1e

SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27

SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

Download Submit
memory/912-54-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download