Analysis
Max time kernel: 153s
Max time network: 165s
Platform: windows10-2004_x64
Resource: win10v2004-20220812-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 23-11-2022 12:50
Static task: static1
Behavioral task: behavioral1
  Sample: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
  Resource: win10v2004-20220812-en
General
Target: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
Size: 136KB
MD5: f977faff2d4ee5f163065ea8e9e47550
SHA1: 3ca6ab1611dddbed8e575008722f7a210f564de8
SHA256: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa
SHA512: 96e65f89d9421e13f0dc98e829f57aa2808a639099a686dbbd7d3c9d9ee1b3ba17c7e64d30b28771789d1d2d4b02f2139768badc7b9c263734ce6f387d2e23c0
SSDEEP: 3072:Wz0WmlPw1F4lPJBDTsBfB1IEbkzAhkibgpg1phtOJEbSYi9wHO:42FwvQzwBfBAz7iMSTtcEbSYcwu
Malware Config
Signatures

Drops file in Drivers directory (2 IoCs)
Processes: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
  File created: C:\Windows\SysWOW64\drivers\acpidisk.sys (by e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe)
  File opened for modification: C:\Windows\SysWOW64\drivers\acpidisk.sys (by e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe)
  Note: the sample is tagged arch:x86 and ran on x64. A 32-bit process that writes to C:\Windows\System32\drivers is redirected by WOW64 file-system redirection to C:\Windows\SysWOW64\drivers, so the SysWOW64 path is consistent with the sample targeting the real drivers directory; check both directories when hunting for acpidisk.sys.

Loads dropped DLL (4 IoCs)
Processes: e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
  pid 3952 e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe (listed four times, once per DLL-load IoC; the dropped DLLs are under Downloads below)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  Note: the sandbox attaches the "likely ransomware" remark to this signature generically; nothing else in this report (no file-encryption or mass file-modification activity) corroborates it.

Suspicious behavior: LoadsDriver (1 IoC)
Processes: pid 656
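The four signatures above (a write into a drivers directory, a DLL loaded from a path the same process just created, a driver load, and hash matches on the report's artefacts) can be expressed as a small correlating detector over endpoint telemetry. The block below is an added example for this page, not part of the sandbox report or its tooling: it runs the rules over a handful of constructed Sysmon-style events (EventID 1 ProcessCreate, 6 DriverLoad, 7 ImageLoad, 11 FileCreate). The SHA256 values and file paths are taken from this report; the events, the process IDs, and the allowlist of legitimate driver installers (`TrustedInstaller.exe`, `DrvInst.exe`) are assumptions to tune per environment.

```python
"""Correlating detector for the behaviours flagged in the report above.
Added example; not the sandbox's own code. Events below are constructed."""
from collections import defaultdict

# SHA256 values copied from the report (General and Downloads sections).
IOC_SHA256 = {
    "e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa": "sample",
    "fb06e078cf674141e2267988ff1db8a3557f6839b8d1e1820e65a8a75f202e2d": "dosss11.dll",
    "cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5": "nsis System.dll",
}

# Both the native and the WOW64-redirected drivers directory.
DRIVER_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\syswow64\\drivers\\")
# Assumed allowlist of processes that legitimately write drivers; tune per environment.
DRIVER_WRITER_ALLOW = ("\\trustedinstaller.exe", "\\drvinst.exe")


def parse_hashes(field):
    """Sysmon 'MD5=..,SHA256=..' field -> {'MD5': '..', 'SHA256': '..'} (lower-cased)."""
    out = {}
    for part in (field or "").split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().upper()] = value.strip().lower()
    return out


def detect(events):
    """Return (rule, pid, path) alerts in event order.

    State kept across events: the files each pid created (to spot a process
    loading a DLL it dropped itself) and the driver paths written by a
    non-allowlisted process (to spot them being loaded later)."""
    alerts = []
    created = defaultdict(set)   # pid -> lower-cased paths that pid created
    dropped_drivers = set()      # lower-cased driver paths from flagged writes
    for e in events:
        eid, pid = e["EventID"], e.get("ProcessId")
        image = e.get("Image", "").lower()
        sha = parse_hashes(e.get("Hashes")).get("SHA256")
        if sha in IOC_SHA256:
            alerts.append(("ioc_hash:" + IOC_SHA256[sha], pid,
                           e.get("ImageLoaded") or e.get("Image")))
        if eid == 11:
            target = e["TargetFilename"]
            created[pid].add(target.lower())
            if any(d in target.lower() for d in DRIVER_DIRS) \
                    and not image.endswith(DRIVER_WRITER_ALLOW):
                alerts.append(("drivers_dir_write", pid, target))
                dropped_drivers.add(target.lower())
        elif eid == 7:
            loaded = e["ImageLoaded"]
            if loaded.lower() in created[pid]:
                alerts.append(("loads_dropped_dll", pid, loaded))
        elif eid == 6:
            # DriverLoad carries no ProcessId in Sysmon; correlate on path/signature.
            loaded = e["ImageLoaded"]
            if loaded.lower() in dropped_drivers or e.get("Signed", "true").lower() == "false":
                alerts.append(("suspicious_driver_load", pid, loaded))
    return alerts


# Constructed events modelled on the report's IoCs; pids are assumptions.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe")
TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
EVENTS = [
    {"EventID": 1, "ProcessId": 3952, "Image": SAMPLE,
     "Hashes": "SHA256=E6B39A0907D079E287C16356B2662582E8170B35AB5FC17180D84C4175A7E0FA"},
    {"EventID": 11, "ProcessId": 3952, "Image": SAMPLE, "TargetFilename": TEMP + "dosss11.dll"},
    {"EventID": 7, "ProcessId": 3952, "Image": SAMPLE, "ImageLoaded": TEMP + "dosss11.dll",
     "Hashes": "MD5=9A4E32E726EE5B6456A4177A889BF2C7,"
               "SHA256=FB06E078CF674141E2267988FF1DB8A3557F6839B8D1E1820E65A8A75F202E2D"},
    {"EventID": 7, "ProcessId": 3952, "Image": SAMPLE,
     "ImageLoaded": "C:\\Windows\\SysWOW64\\kernel32.dll",
     "Hashes": "SHA256=" + "0" * 64},                      # benign load, no alert
    {"EventID": 11, "ProcessId": 3952, "Image": SAMPLE,
     "TargetFilename": "C:\\Windows\\SysWOW64\\drivers\\acpidisk.sys"},
    {"EventID": 11, "ProcessId": 1234, "Image": "C:\\Windows\\System32\\DrvInst.exe",
     "TargetFilename": "C:\\Windows\\System32\\drivers\\benign.sys"},  # allowlisted writer
    {"EventID": 6, "ImageLoaded": "C:\\Windows\\SysWOW64\\drivers\\acpidisk.sys", "Signed": "false"},
]

if __name__ == "__main__":
    for rule, pid, path in detect(EVENTS):
        print(f"{rule:24} pid={pid} {path}")
```

The `loads_dropped_dll` rule is what makes this more than a hash lookup: it fires only when the loader is the same process that wrote the file, which is exactly the relationship the "Loads dropped DLL" signature encodes, and it keeps a benign DLL load from the system directory quiet. The allowlisted `DrvInst.exe` write shows the other side: a driver landing in `System32\drivers` is normal during device installation, so the `drivers_dir_write` rule keys on who wrote it, not only where.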
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
C:\Users\Admin\AppData\Local\Temp\dosss11.dll
Filesize: 64KB
MD5: 9a4e32e726ee5b6456a4177a889bf2c7
SHA1: d09cc927bcb9afd900369b414ecf0e1c441b0e6f
SHA256: fb06e078cf674141e2267988ff1db8a3557f6839b8d1e1820e65a8a75f202e2d
SHA512: 9ae56c75964773cfb241246e3bc600e2cf97d4d07c883278fd25e0ce4b5aa66c13c88d98ce9cc471fab346aea8f3dc3d28b8d75e35dd26ac728fb890773d382a

C:\Users\Admin\AppData\Local\Temp\nsvAF22.tmp\System.dll
Filesize: 10KB
MD5: 4eff5fafd746f5decb93a44e3a3d570c
SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
Note: a System.dll extracted into %TEMP%\ns<hex>.tmp\ is the pattern of an NSIS installer unpacking its System plugin, so this hash is most likely the stock plugin rather than attacker code; the sample's own payload is the first-stage executable and dosss11.dll above.

memory/3952-136-0x0000000003060000-0x0000000003072000-memory.dmp
Filesize: 72KB