9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3

Analysis

max time kernel
133s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2022, 19:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
Size

11.2MB
MD5

2800fe52942828b1f7423177aa61c643
SHA1

d93629df06b511477dab16442e9554c21c008c6b
SHA256

9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3
SHA512

37da687803fc5fbc30259d1884aff0fbb16fc68fa59b6a54a4ec67e0f8bd080b84c67f2328cda6266180e66f10be9c417b79edfa7a564d601338b41f6f498977
SSDEEP

196608:4Fhbbh5nHe6TtwwQDImSmaMR61FQDFBaqTB9GcYAWb+8fwQCw5:4vbhRtyDImD4FQDF/THGDhb+M/Cw5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2088	9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
2088	9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
2088	9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
2088	9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
2088	9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe
"C:\Users\Admin\AppData\Local\Temp\9958542c9d3ca0b21fff2487caa701860f941c28834e5ff77bc297f1ef1201c3.exe"
1⤵
- Loads dropped DLL
PID:2088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsb7E4F.tmp\InstallOptions.dll

Filesize
12KB

MD5
cce5450725a9429a1d3c7aa851d40e8d

SHA1
05722500e42757ac03f2558452a064b906e31937

SHA256
d850c786a68df9520a3ecf2a96f4f091c9bae71d3adbf7731e8c172533cb266d

SHA512
3ddb56429e097ecf942e8a5147ba4c4191c52b736df267934f0dca75ffa74faffee8911dda47c5d2542f91138abbcaf61be3e3d68b368631d6bc21e254b5c637

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7E4F.tmp\System.dll

Filesize
10KB

MD5
24a04541a0d2312e472f8236fd205ea8

SHA1
c47eeee6fc23590311f2860d80baa954386a8ce9

SHA256
74d7ac9e94305c3d30cfc19279ee73fa891bd5ae8800610dee391d1880825e19

SHA512
65e061d2776bc0db53ea8aa35fb50152818c74fa9735f1a5a370315c4dacaf2cb79374ec59174d86c2e87f5b0bb8662f8cee6ff97ae93261c9a9a05bd3cc1adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7E4F.tmp\System.dll

Filesize
10KB

MD5
24a04541a0d2312e472f8236fd205ea8

SHA1
c47eeee6fc23590311f2860d80baa954386a8ce9

SHA256
74d7ac9e94305c3d30cfc19279ee73fa891bd5ae8800610dee391d1880825e19

SHA512
65e061d2776bc0db53ea8aa35fb50152818c74fa9735f1a5a370315c4dacaf2cb79374ec59174d86c2e87f5b0bb8662f8cee6ff97ae93261c9a9a05bd3cc1adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7E4F.tmp\UserInfo.dll

Filesize
4KB

MD5
43f01045f0ea2fba6987be0c5acc4f09

SHA1
de970efa43539d7d2c5ddf41e741cef7819e86b6

SHA256
a535dcf35a0b8f89b32fa61f0f2e168de421f90f0ef4956132050cb0d8140ab2

SHA512
fb187cc74b213b8ef5903b52baccf44ec9d24ef6ce18c6a38309a07a1baee5434790057fa6a892ff07ec9f94c3bee2bd6f66fca39f0995087e7611db8cfbc236

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7E4F.tmp\UserInfo.dll

Filesize
4KB

MD5
43f01045f0ea2fba6987be0c5acc4f09

SHA1
de970efa43539d7d2c5ddf41e741cef7819e86b6

SHA256
a535dcf35a0b8f89b32fa61f0f2e168de421f90f0ef4956132050cb0d8140ab2

SHA512
fb187cc74b213b8ef5903b52baccf44ec9d24ef6ce18c6a38309a07a1baee5434790057fa6a892ff07ec9f94c3bee2bd6f66fca39f0995087e7611db8cfbc236

Download Submit