c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9

Analysis

max time kernel
18s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 12:49

Target

c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe
Size

50KB
MD5

3a44d28d16561791105cf32ccb355390
SHA1

c5daf24af88740a02d241e2edfeb5676fc44db06
SHA256

c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9
SHA512

d6de37102dd2c2059bf34d3320634388b6f25497e0add239a8dcb091f5abef36b5d3dc0649fa009681704397629e4e3852c8485afeab86e94f71bb4430059203
SSDEEP

1536:TQpQ5EP0ijnRTXJIVN5cQ8IvCiiRsNS49ga:TQIURTXJI+Q1vC8

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
952	c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe
"C:\Users\Admin\AppData\Local\Temp\c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe"
1⤵
- Loads dropped DLL
PID:952

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsd5035.tmp\700ed6bb-1850-4bd7-bbe6-56117f85f59a.dll

Filesize
20KB

MD5
da889e68c2365dfe79955d6453d85b1f

SHA1
6f4fff73fa16dfeb6b7fc6cdd2d856b8a742fe35

SHA256
beaca401fff78bcb1513ae61de9aac89069b981909b08685973798802c8e7356

SHA512
8c8f256fc62e3e311ec68cabe73973566b9cc31696a960d829bd861c99661f5b5d0f833e1c047aa88ca083a0a60cb73ccba09544eae84c72a580acb4d13ec00b

Download Submit
memory/952-54-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download