e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e

Analysis

max time kernel
177s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
Size

84KB
MD5

c1e0883de5abdb78b360d247a1cf4626
SHA1

9c5dc5844655b5e6d3885a3c095e5b3e6c5631c2
SHA256

e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e
SHA512

fafc80897c9c29df00b463cfdff5d8e9df37b9a70c9d95d2367509fa019bf79f3e0b684f589886ca6d312fbeff93894df477c10c0c138158d44058b09beded3a
SSDEEP

1536:ffYBrbzmFizYwUK1G0DRXJf79rjd1V/DOx1ntfaL/x6s+bVAvEG+4Duqc:XY4FizYxCDRXJjNhDqpkx3zvf+4Dy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe

pid	process
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
4488	e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe
"C:\Users\Admin\AppData\Local\Temp\e556a5d3a10a8dee862aea8cfabffe7b219e2e540ca288adc20dc67e85af3a4e.exe"
1⤵
- Loads dropped DLL
PID:4488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\blowfish.dll

Filesize
22KB

MD5
5afd4a9b7e69e7c6e312b2ce4040394a

SHA1
fbd07adb3f02f866dc3a327a86b0f319d4a94502

SHA256
053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

SHA512
f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\blowfish.dll

Filesize
22KB

MD5
5afd4a9b7e69e7c6e312b2ce4040394a

SHA1
fbd07adb3f02f866dc3a327a86b0f319d4a94502

SHA256
053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

SHA512
f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\inetc.dll

Filesize
24KB

MD5
1efbbf5a54eb145a1a422046fd8dfb2c

SHA1
ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

SHA256
983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

SHA512
7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\inetc.dll

Filesize
24KB

MD5
1efbbf5a54eb145a1a422046fd8dfb2c

SHA1
ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

SHA256
983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

SHA512
7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\inetc.dll

Filesize
24KB

MD5
1efbbf5a54eb145a1a422046fd8dfb2c

SHA1
ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

SHA256
983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

SHA512
7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\manlib.dll

Filesize
25KB

MD5
94ba775c8a1f4d6c9bb1966eddce22b5

SHA1
4ed1946ecfb758cc0f68aa452401b37454a107d7

SHA256
5d39bdd81b123645e3f7cc1006deae96dbaaabe71946e235897a50fbb314e125

SHA512
5f42ac7bd636ed372d4bc8d0c140007e2123cbf82effcacd388d67aedaef54110f9a01463d293016c2487de9f2725cefdc6f4e59e78c1bd6fb3f379e721c6e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\manlib.dll

Filesize
25KB

MD5
94ba775c8a1f4d6c9bb1966eddce22b5

SHA1
4ed1946ecfb758cc0f68aa452401b37454a107d7

SHA256
5d39bdd81b123645e3f7cc1006deae96dbaaabe71946e235897a50fbb314e125

SHA512
5f42ac7bd636ed372d4bc8d0c140007e2123cbf82effcacd388d67aedaef54110f9a01463d293016c2487de9f2725cefdc6f4e59e78c1bd6fb3f379e721c6e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw639D.tmp\registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
memory/4488-138-0x0000000002571000-0x0000000002575000-memory.dmp

Filesize
16KB

Download
memory/4488-141-0x0000000002571000-0x0000000002575000-memory.dmp

Filesize
16KB

Download