Analysis

  • max time kernel
    132s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/11/2022, 00:31

General

  • Target

    7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88.exe

  • Size

    13.1MB

  • MD5

    3622d9deb27e47d8e17e7c093182d505

  • SHA1

    ed18708aaa180e187dbb8ba4972aa9b470b50df3

  • SHA256

    7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88

  • SHA512

    5988dcc2e140a3b6dc7fc5c2a3bd3c79a785353493404ae77ab364b6a54809b52e6edf953f64afa38d071176c5fb8b4cdba02001856bd73038711d1890714168

  • SSDEEP

    393216:oi8Ry6OYkzzRXqLqNB5sM4dMYL42dngb1eX:oi8Qsk5XTc+YL48njX

Score
7/10

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    Caveat: this signature fires on drive enumeration alone. Nothing else recorded in this run (no file modification, no ransom note, no additional processes) supports the ransomware label, so treat it as weak on its own.

  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88.exe (PID 844, root of the process tree)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK mapping: Enterprise v6

Downloads (dropped files and memory dumps)

        Both DLLs below are written to nst121D.tmp, the scratch directory an NSIS-built installer creates under %TEMP% for its plugins. InstallOptions and NSISdl are standard NSIS plugins (custom dialog pages and HTTP download respectively), so their presence identifies the packaging, not malicious code by itself; the hashes are still useful for matching other drops of the same installer.

        • \Users\Admin\AppData\Local\Temp\nst121D.tmp\InstallOptions.dll

          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

        • \Users\Admin\AppData\Local\Temp\nst121D.tmp\NSISdl.dll

          Filesize

          14KB

          MD5

          a5f8399a743ab7f9c88c645c35b1ebb5

          SHA1

          168f3c158913b0367bf79fa413357fbe97018191

          SHA256

          dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

          SHA512

          824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

        • memory/844-54-0x0000000075651000-0x0000000075653000-memory.dmp

          Filesize

          8KB
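The digests above are the report's only machine-checkable indicators. The following is an added example, not code from the sandbox or from the sample, that turns them into a small triage helper: it hashes data, matches digests against the report's values, and flags DLLs dropped into the NSIS plugin directory. The byte string used as input is constructed, not the real installer, and the `ns<id>.tmp` path pattern is an assumption generalised from the `nst121D.tmp` path shown in this report.

```python
"""Hash-based IoC matching for the artifacts listed in this report.

Added example; it is not code from the sandbox or the sample. The hash
values are copied from the report, the byte strings used as input are
constructed stand-ins, and the NSIS path pattern is an assumption.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Ioc:
    name: str
    md5: str
    sha1: str
    sha256: str


# Digests copied from the report (submitted sample and the two DLLs it dropped).
IOCS = (
    Ioc("7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88.exe",
        "3622d9deb27e47d8e17e7c093182d505",
        "ed18708aaa180e187dbb8ba4972aa9b470b50df3",
        "7b94fbf07bc4698e3c7c8b5cdbc7cbe644ac8a0e942e70a9d46bdf66cb4bcf88"),
    Ioc(r"nst121D.tmp\InstallOptions.dll",
        "325b008aec81e5aaa57096f05d4212b5",
        "27a2d89747a20305b6518438eff5b9f57f7df5c3",
        "c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b"),
    Ioc(r"nst121D.tmp\NSISdl.dll",
        "a5f8399a743ab7f9c88c645c35b1ebb5",
        "168f3c158913b0367bf79fa413357fbe97018191",
        "dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9"),
)

# NSIS unpacks plugin DLLs into %TEMP%\ns<id>.tmp\ (the report shows nst121D.tmp).
# Assumption: other NSIS-built installers use the same naming shape.
NSIS_PLUGIN_DLL = re.compile(
    r"\\AppData\\Local\\Temp\\ns[0-9a-z]+\.tmp\\[^\\]+\.dll$", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all three digests (a 13 MB installer need not be slurped into memory)."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict) -> list:
    """Names of report artifacts whose digest equals any supplied one (case-insensitive).

    SHA-256 is preferred; MD5 and SHA-1 are accepted because many feeds only
    carry those, but a lone MD5 hit should be confirmed with a stronger hash.
    """
    wanted = {k: v.lower() for k, v in digests.items() if v}
    hits = []
    for ioc in IOCS:
        for algo in ("sha256", "sha1", "md5"):
            if algo in wanted and wanted[algo] == getattr(ioc, algo):
                hits.append(ioc.name)
                break
    return hits


def is_nsis_plugin_drop(path: str) -> bool:
    """True when a dropped DLL sits in the NSIS plugin scratch directory."""
    return NSIS_PLUGIN_DLL.search(path) is not None


def triage(records: list) -> list:
    """Tag (path, digests) records from a sandbox dropped-file list.

    'known' means a digest matches this report; 'nsis-plugin' only records the
    drop location, which by itself is ordinary installer behaviour.
    """
    out = []
    for path, digests in records:
        tags = []
        if match_iocs(digests):
            tags.append("known")
        if is_nsis_plugin_drop(path):
            tags.append("nsis-plugin")
        out.append({"path": path, "tags": tags})
    return out


if __name__ == "__main__":
    # Constructed stand-in bytes, not the real sample.
    stub = hash_bytes(b"constructed stand-in, not the real installer")
    print(match_iocs(stub) or "no match for constructed bytes")
    print(triage([
        (r"C:\Users\Admin\AppData\Local\Temp\nst121D.tmp\NSISdl.dll",
         {"sha256": "dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9"}),
        (r"C:\Windows\System32\kernel32.dll", {"sha256": "0" * 64}),
    ]))
```

Use `hash_file` on a quarantined copy of the installer and feed the result to `match_iocs`; a `known` tag without `nsis-plugin` on a DLL loaded from somewhere other than the NSIS scratch directory is the combination worth a closer look.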