fa02f1378d7fc1d1599dd3750c2ed9c93807d6a5bfc713cda003ac83b2e7359d

Analysis

max time kernel
150s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/11/2022, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Outspin203.exe
Size

340KB
MD5

835f8284c5eb6321d755e5a1371ba51b
SHA1

7fc7f45264c7dabf05d95f30f80db34c275904f8
SHA256

fa02f1378d7fc1d1599dd3750c2ed9c93807d6a5bfc713cda003ac83b2e7359d
SHA512

2ce6885fdc71b754e4090734f9aeb27e027caf3dbedfc2b0fc55cd1541a910f23b3dea81a2df3716376d07d98e31893268817bb03a606c326f0739861a39f5d1
SSDEEP

6144:SYa64To0x7DlvxRjPKpmLX8Al69h71z4u1gYyywyBt7:SYeTo0x7DlvLjS0wJh71z4ilyByBx

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
852	Outspin203.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Fonts\Blegnbbethed\Skifferdkkerens\Unthatched\Rerail.Syg	Outspin203.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Outspin203.exe
"C:\Users\Admin\AppData\Local\Temp\Outspin203.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nse9560.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
memory/852-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download