Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2022, 22:06

General

  • Target

    4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe

  • Size

    5.3MB

  • MD5

    197f2b7228d5ef1227e05e108839a0a3

  • SHA1

    545230985f580ca9f3aeb9e258e02bffb85496a3

  • SHA256

    4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe

  • SHA512

    eae0fc23c10a8971c12fd7d9271ceb619ef4dbb23a3bdcbeb75c69af7da8018a998d6ab118bbed8b3fef7a302479470ad475b1a87f45cab84f86666fd96f6caa

  • SSDEEP

    98304:1JzzSsuoNM17IdkuHbqYnUt8qpjAoKa3BudIs0Op9pn4Mgtx2wb1D:HNusKGeYnbja3BudIJOpT4Wg1D

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4f2d4a8bb5af50664e95b4dbe2b0f8c8d6810db7ca890148408e924548baa4fe.exe"
    • Loads dropped DLL
    PID: 1184

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • \Users\Admin\AppData\Local\Temp\nsj25FA.tmp\InstallOptions.dll

          Filesize

          12KB

          MD5

          d61d6c709e7947296603059f8bedeba9

          SHA1

          bdcfc90c358c82be43ef85727a7bdfebbd6d1b69

          SHA256

          65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63

          SHA512

          ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b

        • \Users\Admin\AppData\Local\Temp\nsj25FA.tmp\LangDLL.dll

          Filesize

          5KB

          MD5

          8be27f3bdec2b49d0a6a674716622304

          SHA1

          70d17db576ed484a4c0195571118d307fd4dc1b9

          SHA256

          4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47

          SHA512

          add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

        • memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

          Filesize

          8KB