Overview

overview

9

Static

static

1

a8a8662e59...85.exe

windows7-x64

9

a8a8662e59...85.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    27s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 04:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a8a8662e5920b196deb0f4955b1408af12ca43c6084b718d10edb3fa6fe59f85.exe

  • Size

    150KB

  • MD5

    197623f43390b4e58a74de99844b45a0

  • SHA1

    84708bd880a25230fa8337d58fd58e1e35525a56

  • SHA256

    a8a8662e5920b196deb0f4955b1408af12ca43c6084b718d10edb3fa6fe59f85

  • SHA512

    04144cd4757ed79b0d2c7a8cbe8124f0774f3691222428b3292e02a1e1686c42cab00c54dfa3699c20fdc48948ae764e435de6e184109a08378795c1d2ce6adb

  • SSDEEP

    3072:AQIURTXJ4i45JB2eBlnIPq9ddAPR/TOiJ6QWqpYtCtHLER0tdkML:AsGi6B2eu5NT3J6QWqDtHLERWKo

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8a8662e5920b196deb0f4955b1408af12ca43c6084b718d10edb3fa6fe59f85.exe
    "C:\Users\Admin\AppData\Local\Temp\a8a8662e5920b196deb0f4955b1408af12ca43c6084b718d10edb3fa6fe59f85.exe"
    1⤵
    • Loads dropped DLL
    PID:1968

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nsj31DD.tmp\LogEx.dll
          Filesize

          44KB

          MD5

          1c440ec84001c94327082aca9bdbd0d1

          SHA1

          4f35b29e8e1ca44368d15506c28a0873bed1c9f3

          SHA256

          f6d21ef2fa853b922c94d66d3abd9277ad71bc1be73a8d8418bc06635925a343

          SHA512

          32a2c9641d1390295249a52fab38f8bc8379be80395a9b27b4e157d37b66a1c1f9f49f940ccd24725c59f9de9a585690292119e11faea3e93d4054d9db00e93a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsj31DD.tmp\NSISdl.dll
          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsj31DD.tmp\NSISdl.dll
          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsj31DD.tmp\nsJSON.dll
          Filesize

          7KB

          MD5

          1273161f8a69272e44ceb109d8d447b9

          SHA1

          a330d1ddbaac74fba14de9435e4156a4a364d7d7

          SHA256

          b6d7cf201bddd18a999936e46f9803fab95a9c0ff97f32bbe8418b970944f0f0

          SHA512

          4f0026f2fe8355809719b7506ae6fcbe65f853b7416cfb29d5abe30b05f134ce2d9208f515899bee73e00cb8b2c21d7048c11aa76e5cf13491ccfcf8884f7ccb

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsj31DD.tmp\nsRandom.dll
          Filesize

          21KB

          MD5

          ab467b8dfaa660a0f0e5b26e28af5735

          SHA1

          596abd2c31eaff3479edf2069db1c155b59ce74d

          SHA256

          db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

          SHA512

          7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

          Download Submit

        • memory/1968-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1968-59-0x00000000750B0000-0x00000000750BB000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1968-60-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1968-61-0x0000000000500000-0x0000000000512000-memory.dmp

          Filesize

          72KB

          Download