Analysis

  • max time kernel
    91s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220901-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    29/10/2022, 10:01

General

  • Target

    4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645.exe

  • Size

    52KB

  • MD5

    485e3b75028feea4997c33099a7b579a

  • SHA1

    ae5835fa745ea8f0eefeb151baa5c441a4ad380c

  • SHA256

    4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645

  • SHA512

    c676e2a7a5375ce6d308cf91929471a3f61fab25523633c56ace07149e7426958d40969cc5d1086e41adde648c87045f602984f9bfbcb7b77640c81bc4169de5

  • SSDEEP

    768:31cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJwMyAc/VmRnUQz9vFysdTxkC:FQpQ5EP0ijnRTXJwMyAc/VgUM9vzTkC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645.exe
    "C:\Users\Admin\AppData\Local\Temp\4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645.exe"
    • Loads dropped DLL
    PID:4920

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nslD807.tmp\UAC.dll

          Filesize

          13KB

          MD5

          431e5b960aa15af5d153bae6ba6b7e87

          SHA1

          e090c90be02e0bafe5f3d884c0525d8f87b3db40

          SHA256

          a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

          SHA512

          f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

        • C:\Users\Admin\AppData\Local\Temp\nslD807.tmp\inetc.dll

          Filesize

          21KB

          MD5

          d7a3fa6a6c738b4a3c40d5602af20b08

          SHA1

          34fc75d97f640609cb6cadb001da2cb2c0b3538a

          SHA256

          67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

          SHA512

          75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

        • C:\Users\Admin\AppData\Local\Temp\nslD807.tmp\nsExec.dll

          Filesize

          6KB

          MD5

          acc2b699edfea5bf5aae45aba3a41e96

          SHA1

          d2accf4d494e43ceb2cff69abe4dd17147d29cc2

          SHA256

          168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

          SHA512

          e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

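The three DLLs listed under Downloads live in an `ns*.tmp` directory and carry the names of stock NSIS plug-ins (nsExec, inetc, UAC), so the "Loads dropped DLL" signature on its own is consistent with an NSIS-built installer unpacking its plug-ins rather than being evidence of the payload; the digests are still the actionable IOCs from this run. The script below is an added example, not part of the sandbox output: it turns the report's hash table into a small Python triage tool that hashes files on disk, matches them against the report's MD5/SHA-1/SHA-256 values (strongest algorithm first), collapses the duplicated nsExec.dll entry into one row, and validates the table against copy/paste damage before use. Only the digests come from the report; the function names, the directory layout in the table keys and the constructed sample bytes in the usage section are assumptions.

```python
"""Match on-disk files against the dropped-file hashes from the report above.

Added example, not sandbox output. Digest values are copied from the report;
function names and sample data are made up for illustration.
"""
import hashlib
from pathlib import Path

# Digests copied verbatim from the report (SHA-512 values omitted for brevity).
# The report lists nsExec.dll twice with identical hashes; the table keeps one
# entry per distinct SHA-256. Keys use the report's temp-directory name.
REPORT_IOCS = {
    "4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645.exe": {
        "md5": "485e3b75028feea4997c33099a7b579a",
        "sha1": "ae5835fa745ea8f0eefeb151baa5c441a4ad380c",
        "sha256": "4a2f1c2d9550e11501823f1ab3a8a0b809be22911a981138a8d6c82b372b1645",
    },
    "nslD807.tmp/UAC.dll": {
        "md5": "431e5b960aa15af5d153bae6ba6b7e87",
        "sha1": "e090c90be02e0bafe5f3d884c0525d8f87b3db40",
        "sha256": "a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13",
    },
    "nslD807.tmp/inetc.dll": {
        "md5": "d7a3fa6a6c738b4a3c40d5602af20b08",
        "sha1": "34fc75d97f640609cb6cadb001da2cb2c0b3538a",
        "sha256": "67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e",
    },
    "nslD807.tmp/nsExec.dll": {
        "md5": "acc2b699edfea5bf5aae45aba3a41e96",
        "sha1": "d2accf4d494e43ceb2cff69abe4dd17147d29cc2",
        "sha256": "168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e",
    },
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digest_bytes(data: bytes) -> dict:
    """Compute the four report digests over an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def digest_file(path, chunk_size: int = 1 << 16) -> dict:
    """Stream a file through all four hashers in one pass (no full read)."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return (ioc_name, algorithm) for each IOC the digests match.

    Strongest algorithm wins: a SHA-256 hit is reported as such even when MD5
    and SHA-1 also agree; an MD5-only hit is still reported because some feeds
    carry nothing stronger, and the caller can decide how much to trust it.
    """
    hits = []
    for name, known in iocs.items():
        for algo in ("sha256", "sha1", "md5"):
            if known.get(algo) and known[algo] == digests.get(algo):
                hits.append((name, algo))
                break
    return hits


def scan_tree(root, iocs: dict = REPORT_IOCS) -> dict:
    """Walk a directory (e.g. a copied %TEMP%) and map each file path to the
    IOCs it matches; files with no hit are omitted."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = match_iocs(digest_file(path), iocs)
            if hits:
                found[str(path)] = hits
    return found


def validate_ioc_table(iocs: dict = REPORT_IOCS) -> bool:
    """Reject copy/paste damage: every digest must be lowercase hex of the
    right length, and no two entries may share a SHA-256 (the repeated
    nsExec.dll block in the report would otherwise double-count)."""
    seen = set()
    for known in iocs.values():
        for algo, value in known.items():
            expected = HEX_LENGTHS.get(algo)
            if expected is None or len(value) != expected or value != value.lower():
                return False
            try:
                int(value, 16)
            except ValueError:
                return False
        sha256 = known.get("sha256")
        if sha256 is not None:
            if sha256 in seen:
                return False
            seen.add(sha256)
    return True


if __name__ == "__main__":
    import sys

    # Constructed usage (assumption): python iocs.py <directory-to-scan>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    if not validate_ioc_table():
        sys.exit("IOC table failed validation; check the hashes were copied intact")
    for file_path, hits in scan_tree(root).items():
        print(file_path, hits)
```

Point the script at a copy of the suspect host's `%LOCALAPPDATA%\Temp` tree; any hit on the `.exe` SHA-256 is the sample itself, while hits on the three DLLs alone only tell you an NSIS installer ran and should be confirmed by the SHA-256 (not just MD5) before being treated as evidence of this specific dropper.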