e7db5d49f8913267824f72993ac6d91d0bee65d462dbd6d47f41a7ceda609c6e

Analysis

max time kernel
128s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:40

Target

cargo_manifest_3432-67383-733.exe
Size

636KB
MD5

1d13f94082e0b0a3a421216fd2f0ce6a
SHA1

05584a793a64964b51f4fbebdebfc5fa9cce7bb7
SHA256

78118a3834e9977c8331a318de14cb318752c7bb35a921a738e48a6c4fef735c
SHA512

2d20234ed0d71ddc5097f299d22137bef695e693d20cb7eee7eaf3bad0232d841167df442069b2592c90bc357d4c56f8a5e4cb7e9e21dc7341c912d1b621c9cf
SSDEEP

12288:LTNmcssMHShABfPx+GCIR8VyCLIEyxCesG7:LTxOKABB+G9RALRAJsG7

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

cargo_manifest_3432-67383-733.exe

pid process

540 cargo_manifest_3432-67383-733.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
540	cargo_manifest_3432-67383-733.exe

C:\Users\Admin\AppData\Local\Temp\cargo_manifest_3432-67383-733.exe
"C:\Users\Admin\AppData\Local\Temp\cargo_manifest_3432-67383-733.exe"
1⤵
- Loads dropped DLL
PID:540

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsp1A56.tmp\System.dll

Filesize
12KB

MD5
a1da6788aeaf78ca4ae1dece8019e49d

SHA1
d770155e6e9aa69223be198c44a8da26a1756d89

SHA256
b7823a15e7b1866ba3d77248f750b66505859d264cfc39d8c8c5e812f8ae4a81

SHA512
eada9c1528563ddfe3d4d8ed5dbc52b85a9190765535b68da90e6d623288bf0090adac5118e1ed6e3cb3e0abb9af025d3a2a73121413a4471a90fd04bc861e18

Download Submit
memory/540-54-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download
memory/540-56-0x0000000002F70000-0x0000000003BBA000-memory.dmp

Filesize
12.3MB

Download