da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1

Analysis

max time kernel
44s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
Size

179KB
MD5

ddcd66e94b07500f1b0773b2b863ee4a
SHA1

ccf3aa5bb0681a235b0382f69010adf36f93206d
SHA256

da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1
SHA512

de67eb2a250b9a0877ea9b4a1b7e41a08e8c3e8acd05e87c3667f1b9d1973f3f657c0e01dfc897163466b8005f55aad3a04db3ef651b7b7dfde3400e05ac31e2
SSDEEP

3072:CstajHKBvYXJLdUYRD66Ybm7xTVDjpAsZ7L420nGlEOMGDHNWMzPwU/U7AcLtqKO:CTq+rUaD6ry7vZ9B4nGiREHNDPBcVtqt

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00060000000141d1-56.dat	acprotect
behavioral1/files/0x000600000001422b-57.dat	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00060000000141d1-56.dat	upx
behavioral1/files/0x000600000001422b-57.dat	upx
behavioral1/memory/1760-59-0x0000000074440000-0x000000007444B000-memory.dmp	upx

Loads dropped DLL 5 IoCs

pid	Process
1760	da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
1760	da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
1760	da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
1760	da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
1760	da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe
"C:\Users\Admin\AppData\Local\Temp\da7f746dc44f3773ff082dda491584e709b786eb8af10668e7596b6ec2309df1.exe"
1⤵
- Loads dropped DLL
PID:1760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsy123C.tmp\LogEx.dll

Filesize
44KB

MD5
1c440ec84001c94327082aca9bdbd0d1

SHA1
4f35b29e8e1ca44368d15506c28a0873bed1c9f3

SHA256
f6d21ef2fa853b922c94d66d3abd9277ad71bc1be73a8d8418bc06635925a343

SHA512
32a2c9641d1390295249a52fab38f8bc8379be80395a9b27b4e157d37b66a1c1f9f49f940ccd24725c59f9de9a585690292119e11faea3e93d4054d9db00e93a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy123C.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsy123C.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsy123C.tmp\nsJSON.dll

Filesize
7KB

MD5
1273161f8a69272e44ceb109d8d447b9

SHA1
a330d1ddbaac74fba14de9435e4156a4a364d7d7

SHA256
b6d7cf201bddd18a999936e46f9803fab95a9c0ff97f32bbe8418b970944f0f0

SHA512
4f0026f2fe8355809719b7506ae6fcbe65f853b7416cfb29d5abe30b05f134ce2d9208f515899bee73e00cb8b2c21d7048c11aa76e5cf13491ccfcf8884f7ccb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy123C.tmp\nsRandom.dll

Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
memory/1760-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1760-59-0x0000000074440000-0x000000007444B000-memory.dmp

Filesize
44KB

Download
memory/1760-60-0x0000000002E50000-0x0000000002E62000-memory.dmp

Filesize
72KB

Download