Analysis

  • max time kernel
    137s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-10-2022 13:56

General

  • Target

    cd6ea4af618737d8ec8e9c0e3be648daf69eae13295f372aa1f9768a4f60e0f4.exe

  • Size

    79KB

  • MD5

    93857ba638710b50f6309ea653b23350

  • SHA1

    829d8c45090ba2b5cd3249b81e4a5db69539348b

  • SHA256

    cd6ea4af618737d8ec8e9c0e3be648daf69eae13295f372aa1f9768a4f60e0f4

  • SHA512

    d7899c0e04a3a9e1e7a9c3f94c888895a09d6c8f679197dbc4f93773f5594c7881a39094de1ab6f69a7af7552fc7b8cd584ef3073abad3db7dfd616d7baf0fb6

  • SSDEEP

    1536:Hf4exGDkeZ4mOoSgJEAJJd4FA4r+mu2kF1sCyLBTzDbuD:/4eYZ4+1JXJJ2xVPE1srLsD

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    Note that this is the signature's generic description, not a verdict on this sample: the only dropped file is NSISdl.dll, the NSIS installer's download plugin, and nothing else in the report (no file-modification IoCs, an empty Network section) corroborates ransomware activity. Drive enumeration is also ordinary installer behaviour, so treat the 7/10 score as a prompt for further analysis rather than a classification.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd6ea4af618737d8ec8e9c0e3be648daf69eae13295f372aa1f9768a4f60e0f4.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\cd6ea4af618737d8ec8e9c0e3be648daf69eae13295f372aa1f9768a4f60e0f4.exe"
    PID: 1356 (root of the process tree; no child processes recorded)
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl713E.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    254f13dfd61c5b7d2119eb2550491e1d

    SHA1

    5083f6804ee3475f3698ab9e68611b0128e22fd6

    SHA256

    fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

    SHA512

    fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

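The hashes above are only useful if they get checked against real files. The following is an added example, not part of the sandbox report, showing how an analyst would turn this report into a local triage check: compute the same four digests the report lists, look a file up against the report's IoCs with SHA256 as the key and MD5/SHA1 as a cross-check against transcription errors, and flag paths that match the NSIS plugin-extraction directory shape seen above (%TEMP%\ns....tmp\<plugin>.dll). The IoC values are copied from the report; the function names, the regex generalisation of the single observed directory name, and the sample input are the example's own assumptions.

```python
import hashlib
import re
from typing import Dict, Optional

# IoCs copied from the report: SHA256 -> other digests and a label.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "cd6ea4af618737d8ec8e9c0e3be648daf69eae13295f372aa1f9768a4f60e0f4": {
        "name": "submitted sample (.exe)",
        "md5": "93857ba638710b50f6309ea653b23350",
        "sha1": "829d8c45090ba2b5cd3249b81e4a5db69539348b",
    },
    "fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28": {
        "name": "dropped NSISdl.dll",
        "md5": "254f13dfd61c5b7d2119eb2550491e1d",
        "sha1": "5083f6804ee3475f3698ab9e68611b0128e22fd6",
    },
}

# Path shape of the dropped plugin in the report: ...\ns<letter><4 hex>.tmp\<name>.dll
# Assumption: the optional letter and 4-hex-digit generalisation is inferred from the
# one observed directory (nsl713E.tmp); the report itself states no pattern.
NSIS_PLUGIN_DIR = re.compile(r"(?i)\\ns[a-z]?[0-9a-f]{4}\.tmp\\[^\\]+\.dll$")


def digests(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_ioc(data: bytes) -> Optional[str]:
    """Label of the report IoC these bytes match, or None.

    SHA256 is the lookup key; MD5 and SHA1 are then compared too, so a
    mistyped digest in any column raises instead of silently matching.
    """
    d = digests(data)
    entry = REPORT_IOCS.get(d["sha256"])
    if entry is None:
        return None
    if entry["md5"] != d["md5"] or entry["sha1"] != d["sha1"]:
        raise ValueError("digest columns disagree for " + entry["name"])
    return entry["name"]


def is_nsis_plugin_path(path: str) -> bool:
    """True if the path looks like an NSIS plugin extracted to a ns*.tmp dir."""
    return NSIS_PLUGIN_DIR.search(path) is not None


def triage(path: str, data: bytes) -> Dict[str, object]:
    """Combine the IoC lookup and the path heuristic into one record."""
    result: Dict[str, object] = {
        "path": path,
        "ioc": match_ioc(data),
        "nsis_plugin_dir": is_nsis_plugin_path(path),
    }
    result.update(digests(data))
    return result


if __name__ == "__main__":
    # Constructed input: the report's dropped-file path, but with placeholder
    # bytes rather than the real plugin, so the IoC lookup returns None while
    # the path heuristic still fires.
    sample_path = r"C:\Users\Admin\AppData\Local\Temp\nsl713E.tmp\NSISdl.dll"
    for key, value in triage(sample_path, b"placeholder bytes, not the real DLL").items():
        print(f"{key}: {value}")
```

A hit on the path heuristic alone is weak evidence, since every NSIS installer drops its plugins this way; a digest match against REPORT_IOCS is the strong signal, and the cross-check guards against a copy-paste slip when transcribing hashes out of a report like this one.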