Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 07:40

General

  • Target

    7ab8412ed8349876372462f8e3dc7623667091d5aea18ba2481459d242134780.exe

  • Size

    1.6MB

  • MD5

    3cc908eff0ff982e2aa47b289102c77e

  • SHA1

    f91fba422706ce678d7aa443eca2a368cc1b638d

  • SHA256

    7ab8412ed8349876372462f8e3dc7623667091d5aea18ba2481459d242134780

  • SHA512

    58ae3cc7ab4487e4834e6ed077dc278adf5cca26c33757f4893c5c10e666945d18c277b0acd3c43425ffb842d94ee2899dcdc3e0605c91281261777d8cc37464

  • SSDEEP

    49152:DzSVTNqmq7h4zSjNxnn3eFKR+NxUK20NElr:q3adsShFn3eEZK2mElr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ab8412ed8349876372462f8e3dc7623667091d5aea18ba2481459d242134780.exe
    "C:\Users\Admin\AppData\Local\Temp\7ab8412ed8349876372462f8e3dc7623667091d5aea18ba2481459d242134780.exe"
    1⤵
    • Loads dropped DLL
    PID:1720

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl7E8C.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    1d5c649dde35003a618b9679d5d71b92

    SHA1

    0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    SHA256

    0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    SHA512

    b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9