059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8

Analysis

max time kernel
78s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
Size

1.9MB
MD5

a1a68af3085f9f0014b1efe8d7a0fa98
SHA1

6171032d59503bf4be0443b5946c4627d93c28f5
SHA256

059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8
SHA512

4bcf448a5bbbcf7c5388142b026428ee520a5c5347355d1084f6157e5e111b09750d3cdd892148a05b269fad46643b8b52c791cbd66f77985a87e7d7f85cac93
SSDEEP

49152:LHvV/kTdUW4cMhvmWLHCP5seqKW0ZB2a4TItPGFMoN:T2dnVS+WLHCPWe9B60t/o

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
1700	059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe

C:\Users\Admin\AppData\Local\Temp\059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe
"C:\Users\Admin\AppData\Local\Temp\059727718ddf2ad5cb320e20d4b4d30679c83b8ee0d064e104d50c062586ecf8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\A2761061\q1043425.dll

Filesize
571KB

MD5
ce51c613f3c22d013d966289dfdd7d70

SHA1
1bd5a4983999e998ca75ed477e57ce413979b8df

SHA256
5f66863129100ddf7cebf1538a75a1b8db25cf9dfa9fc863671c0a486047b472

SHA512
05999d9c0ddeb50aef4cbe448b76269248e997c12853d045e22b904bc6e4205464b859d34d517cef7bdf570c18e032d2b3fe28eea28678fbd765bed9dfa87565

Download Submit
\Users\Admin\AppData\Local\Temp\A2761061\q1050726.dll

Filesize
278KB

MD5
17bddadca7044cc7b8406f1ca45210df

SHA1
d74c5236542f4ddbb50cd113dedcd05aa9861ca9

SHA256
4406dc1789f1ebdbfebb7796719d21dcce2250f3a0a07f204cfd0b4f93725f6c

SHA512
1abf4e41912e18b77f7e0ea7ce98e0a5760a554cf79c78dd8ccaf04589fc02579b0fbb5a822acf2d098c2362b778821b1e5e870a55cba5834566a723c0716d50

Download Submit
\Users\Admin\AppData\Local\Temp\A2761061\x1058758.dll

Filesize
748KB

MD5
8cfca59afb9765d422128d2d8a5ee8d2

SHA1
f2287808309e5401e2403b88e024ef7ed05bca87

SHA256
97b19cbe80156fb1672eff111bfa3e3ed523feff076745cdcd86554261af64fd

SHA512
97a3b60a23d51a881ecdef9a0cc5cf63ea033275a114310a4631731c57ccd44d34235d71354f54b7f40a7a211095cc52e63d95938f6962d4f873616aa00e69af

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC90.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1700-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1700-61-0x0000000001E30000-0x0000000001E7F000-memory.dmp

Filesize
316KB

Download