Analysis

  • max time kernel
    135s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07-11-2022 09:27

General

  • Target

    ab76fb0ceb9735fd13fbade24f3eba40a6ececa8364881948e635258d762a069.exe

  • Size

    768KB

  • MD5

    1c1d6ea16385da2d20c158010e541fd2

  • SHA1

    a6440b69306558bed06112b6256cfbbab14c90e5

  • SHA256

    ab76fb0ceb9735fd13fbade24f3eba40a6ececa8364881948e635258d762a069

  • SHA512

    20773e08bbcf3fdf07e557608ecc3023eadd7748c5f0c9f695473b71be90a7f135c60871ab4e76acaa0c7ee788f4f6b7a7ac028181745c01d94578540e6404bc

  • SSDEEP

    24576:6V+ib34kxgV/MQko77ufwU+9QpKOk3zFVx8EqPs:M34kykRoU+9S8x5qPs

Score
7/10

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab76fb0ceb9735fd13fbade24f3eba40a6ececa8364881948e635258d762a069.exe
    "C:\Users\Admin\AppData\Local\Temp\ab76fb0ceb9735fd13fbade24f3eba40a6ececa8364881948e635258d762a069.exe"
    1⤵
    • Loads dropped DLL
    PID:1784

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp793.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    6e8be59d69cae90b7c46dc032d3da9c2

    SHA1

    867aadabf248b0d5a5002c0ff53fa4a23939a7a4

    SHA256

    ca751b693af5a6c33842ea993824536aaa8f6e191fa40078f5d54aaf853c163b

    SHA512

    c49e789267a769122d0fac366b1590591debeb33dbe0cdbd0f853e26c2a1938646dc6093e92d89cbf2bebb79729f547d3dfa0fd64e3ab4bb9127b6cdc546cbc3

  • C:\Users\Admin\AppData\Local\Temp\nsp793.tmp\System.dll

    Filesize

    11KB

    MD5

    b3d5e62d09f6047905a45e5f2f0cf2ef

    SHA1

    bdc0155578aea04da50e981abf762ae0968ad1a6

    SHA256

    dc6a9ed86c21f1cb6a7cb33f32ec0c09ef610741ff5f88c1ae17b92d075bc23a

    SHA512

    64e12a2fdee36079f817351cd0c3bbd5bb132d3e15453d1581d8de375413669054458c0ec83fc40f4fb3af1616e70ed87ccb74b37f6ed9c2513947eafc66a024

  • C:\Users\Admin\AppData\Local\Temp\nsp793.tmp\__653a2dd4a46d497ea0e8121745c3edfc_lib.dll

    Filesize

    758KB

    MD5

    0c74fe995f601e6abdc77ad0a913a1d3

    SHA1

    8dde82640f05c072a9349953132f73cea6fc1278

    SHA256

    c3049c1927d03e5860597282123279801aa5603070347f435744b2c4ae5b3c17

    SHA512

    000cdc8c6ef0bfe4a6b1bd5dfbb09786edbad73e62827bc6c3169f6aa3ab6f0064dd1d82e6b0313be14ac9432ff95e0f0bb0eb76ba9d12eb51c8b6de89e12905