cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
Size

128KB
MD5

0f2a543429c9606ffe3a7b952fc64ca0
SHA1

3bcbe25616ea627d844167fd52b317229fa172ce
SHA256

cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04
SHA512

e5dfdd9a63e8f94596643b23b10892756170d99053e7730f7e058f5e695afb500756ab1a1620fe15b559148f56d693b347c61aa9b36de81d03abc361645db8ce
SSDEEP

3072:mgXdZt9P6D3XJ6GLEueNRwOEHMgtzXHoL5MIW665A8W15K+hOZFu:me34UGRmwXt5q2pd5A8W1U+hkFu

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
1964	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\greengou\reply.htm	cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe
"C:\Users\Admin\AppData\Local\Temp\cad5767340ecd4d39985a92186d675d45d5f2d2e84754e04084d93275d512d04.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:1964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\Inetc.dll

Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\Math.dll

Filesize
66KB

MD5
b140459077c7c39be4bef249c2f84535

SHA1
c56498241c2ddafb01961596da16d08d1b11cd35

SHA256
0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

SHA512
fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\Md5dll.dll

Filesize
8KB

MD5
a7d710e78711d5ab90e4792763241754

SHA1
f31cecd926c5d497aba163a17b75975ec34beb13

SHA256
9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

SHA512
f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF1EF.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1964-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1964-59-0x00000000003D0000-0x00000000003EA000-memory.dmp

Filesize
104KB

Download