6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f

Analysis

max time kernel
112s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe
Size

202KB
MD5

0cfd24515ead98eb032fe2975ce09b40
SHA1

449635237c25af347db19f7e0e943d03d1b61bcb
SHA256

6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f
SHA512

4e14ef13c6ad691d0c1af94194054b618ff5d9dd80adcb887769fa70dde136ed2cb864b509a77c695d8385cc69183737a98a02c746d1e0b104afae62728a1ba1
SSDEEP

3072:8QIURTXJ34511/NrjgW4h5Jm1rusmGYtzTfd9go0FUocFZFqAsdKpJvVW4uKDA2f:8s1OpYhHm1ZWtzTfdmo0FdcgA2uHuKMk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1608	6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe
1608	6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe
1608	6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe
1608	6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe
"C:\Users\Admin\AppData\Local\Temp\6a36aa7cdeb982d99c2c5ea7cfe9e80fdc0ab87d3a3a7c38fc33371072ac594f.exe"
1⤵
- Loads dropped DLL
PID:1608

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nshB4A1.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshB4A1.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshB4A1.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshB4A1.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit