5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
Size

2.4MB
MD5

8dc3eb6f66ac25b3d47bf68734781c0f
SHA1

14f086ffcd2b246d57b4eb27170db15aa3260057
SHA256

5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8
SHA512

101edef4952af20763c254055c93db68e70f5d38029d7a80d53739685f6df6720046bf7fd898240071f6ab048a8f0b9a68011b822bc941a44195e9dba5092560
SSDEEP

49152:IWDA/npmH7/HoMS3UviXYYiEDtWlwQ90tpdz5LrhNLOA3l9JhP:bMps7/IMSk6XqiWb0ttLVNLOw7

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll	upx

Loads dropped DLL 11 IoCs

Processes:

5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe

pid	process
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
2840	5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe
"C:\Users\Admin\AppData\Local\Temp\5df46e7b14ee070ee262b63a8973cc2a71987d4ca6e7cfaccd2cb9acaafe2cd8.exe"
1⤵
- Loads dropped DLL
PID:2840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\Math.dll

Filesize
66KB

MD5
502c878b0897ff8ade2a3c221609f19a

SHA1
6cdb54120013b0392530f4af2b76da0231795f7d

SHA256
7f7dd4b6ff242dc5fad267a8e6e1aafbbbd5ea9a25a3c70176c64e21002cb84c

SHA512
73510956688e442ee05c8ca2de695386bf344bb3e5de160c9193076c3816ba2ef691895971266deed95562d1f223ce036859a2f4a83b6d8b52e1450216307798

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\Math.dll

Filesize
66KB

MD5
502c878b0897ff8ade2a3c221609f19a

SHA1
6cdb54120013b0392530f4af2b76da0231795f7d

SHA256
7f7dd4b6ff242dc5fad267a8e6e1aafbbbd5ea9a25a3c70176c64e21002cb84c

SHA512
73510956688e442ee05c8ca2de695386bf344bb3e5de160c9193076c3816ba2ef691895971266deed95562d1f223ce036859a2f4a83b6d8b52e1450216307798

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6F2C.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
memory/2840-142-0x0000000005391000-0x0000000005394000-memory.dmp

Filesize
12KB

Download
memory/2840-137-0x0000000005270000-0x000000000528A000-memory.dmp

Filesize
104KB

Download
memory/2840-145-0x0000000003B21000-0x0000000003B23000-memory.dmp

Filesize
8KB

Download
memory/2840-146-0x0000000005390000-0x0000000005399000-memory.dmp

Filesize
36KB

Download
memory/2840-147-0x0000000005390000-0x0000000005399000-memory.dmp

Filesize
36KB

Download
memory/2840-148-0x0000000005390000-0x0000000005399000-memory.dmp

Filesize
36KB

Download
memory/2840-149-0x0000000005390000-0x0000000005399000-memory.dmp

Filesize
36KB

Download