c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 12:49

Target

c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe
Size

50KB
MD5

3a44d28d16561791105cf32ccb355390
SHA1

c5daf24af88740a02d241e2edfeb5676fc44db06
SHA256

c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9
SHA512

d6de37102dd2c2059bf34d3320634388b6f25497e0add239a8dcb091f5abef36b5d3dc0649fa009681704397629e4e3852c8485afeab86e94f71bb4430059203
SSDEEP

1536:TQpQ5EP0ijnRTXJIVN5cQ8IvCiiRsNS49ga:TQIURTXJI+Q1vC8

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
3776	c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe
"C:\Users\Admin\AppData\Local\Temp\c1638b9bce335b0e0ed895a4c845974ec9db3e9c3dba844d28535639ec30d8f9.exe"
1⤵
- Loads dropped DLL
PID:3776

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsw8B3F.tmp\700ed6bb-1850-4bd7-bbe6-56117f85f59a.dll

Filesize
20KB

MD5
da889e68c2365dfe79955d6453d85b1f

SHA1
6f4fff73fa16dfeb6b7fc6cdd2d856b8a742fe35

SHA256
beaca401fff78bcb1513ae61de9aac89069b981909b08685973798802c8e7356

SHA512
8c8f256fc62e3e311ec68cabe73973566b9cc31696a960d829bd861c99661f5b5d0f833e1c047aa88ca083a0a60cb73ccba09544eae84c72a580acb4d13ec00b

Download Submit