Analysis

  • max time kernel
    953s
  • max time network
    1229s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2022 15:22

General

  • Target

    MicroSIP-3.21.3.exe

  • Size

    8.4MB

  • MD5

    349388dcd0d7fe5788fadc507e24ec67

  • SHA1

    6040763487840999b962f78555e07aee4dbe47a9

  • SHA256

    1b88f9245d7d9af58c189290ba3a1722afb506d2853c9a329186568df3a62961

  • SHA512

    9861acb60712c2b2c8320e00cd3b241b6eb92d80e0f0ae06603aeda3ae3747495fc0c404b52daec1d0c66cb79f9ff7acd54a66a8b4818124cd68933b2736b8e5

  • SSDEEP

    196608:pn/1btqdYfCY80dP8jY+Q5p8LdMXpsEw9yCl6ilU:d/Nt4YfCYLujY+Ip8mXpsvyCMuU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic description for this signature reads "likely ransomware behaviour", but drive enumeration is also routine for an installer (for example, checking the target volume before copying files), so this hit should be weighed together with the other signatures rather than on its own.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe
    "C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe"
    • Loads dropped DLL
    PID:4432

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsr258A.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    109b201717ab5ef9b5628a9f3efef36f

    SHA1

    98db1f0cc5f110438a02015b722778af84d50ea7

    SHA256

    20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

    SHA512

    174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

  • C:\Users\Admin\AppData\Local\Temp\nsr258A.tmp\System.dll

    Filesize

    12KB

    MD5

    8cf2ac271d7679b1d68eefc1ae0c5618

    SHA1

    7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    SHA256

    6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    SHA512

    ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

  • C:\Users\Admin\AppData\Local\Temp\nsr258A.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    ec9640b70e07141febbe2cd4cc42510f

    SHA1

    64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

    SHA256

    c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

    SHA512

    47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
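Two checks a practitioner would want to run against this report, as an added example written for this page (it is not part of the sandbox output or of the MicroSIP project): first, verify that a local copy of the installer matches the hashes recorded in the General section; second, classify Sysmon-style ImageLoad records so that DLLs loaded from an NSIS plugin staging directory (the `%TEMP%\nsr258A.tmp\` path in the Downloads list) are recognised and compared against the three dropped-file SHA256 values. The NSIS path pattern and the Sysmon-style log records are assumptions constructed for the example; the hash values are copied from the report above.

```python
"""Practitioner checks derived from the sandbox report above (added example)."""
import hashlib
import re
from pathlib import Path

# Hashes copied from the "General" section of the report.
REPORT_TARGET = {
    "md5": "349388dcd0d7fe5788fadc507e24ec67",
    "sha1": "6040763487840999b962f78555e07aee4dbe47a9",
    "sha256": "1b88f9245d7d9af58c189290ba3a1722afb506d2853c9a329186568df3a62961",
    "sha512": "9861acb60712c2b2c8320e00cd3b241b6eb92d80e0f0ae06603aeda3ae3747495fc0c404b52daec1d0c66cb79f9ff7acd54a66a8b4818124cd68933b2736b8e5",
}

# SHA256 of the three DLLs the report lists under "Downloads".
REPORT_DROPPED_SHA256 = {
    "LangDLL.dll": "20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319",
    "System.dll": "6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba",
    "nsDialogs.dll": "c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188",
}

# Assumed pattern: NSIS installers extract their plugins to %TEMP%\ns<char><4 hex>.tmp\
# and load them from there; nsr258A.tmp in the report fits this shape.
NSIS_STAGING = re.compile(
    r"\\AppData\\Local\\Temp\\ns\w[0-9a-f]{4}\.tmp\\([^\\]+\.dll)$", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report records, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path) -> dict:
    """Hash a local file so it can be compared with REPORT_TARGET."""
    return hash_bytes(Path(path).read_bytes())


def hash_mismatches(observed: dict, expected: dict) -> list:
    """Algorithms whose observed digest differs from the expected one.
    An empty list means the local file is the sample that was analysed."""
    return [algo for algo, digest in expected.items()
            if observed.get(algo, "").lower() != digest.lower()]


def classify_image_load(image_loaded: str, sha256: str) -> str:
    """Label one ImageLoad record:
    'nsis-plugin:known'   loaded from an NSIS staging dir, hash listed in the report
    'nsis-plugin:unknown' loaded from an NSIS staging dir, hash not in the report
    'other'               not an NSIS staging path"""
    match = NSIS_STAGING.search(image_loaded)
    if not match:
        return "other"
    expected = REPORT_DROPPED_SHA256.get(match.group(1), "")
    return "nsis-plugin:known" if expected.lower() == sha256.lower() else "nsis-plugin:unknown"


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon writes Hashes as 'SHA256=...,MD5=...'; split it into a dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip().lower()
    return out


def triage_image_loads(records) -> list:
    """Return (Image, ImageLoaded, label) for each Sysmon-style record."""
    return [(r["Image"], r["ImageLoaded"],
             classify_image_load(r["ImageLoaded"],
                                 parse_sysmon_hashes(r["Hashes"]).get("sha256", "")))
            for r in records]


# Constructed Sysmon Event ID 7 style records for the example (not taken from the report).
SAMPLE_IMAGE_LOADS = [
    {"Image": r"C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe",
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nsr258A.tmp\System.dll",
     "Hashes": "SHA256=6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba"},
    {"Image": r"C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe",
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nsr258A.tmp\nsDialogs.dll",
     "Hashes": "SHA256=" + "00" * 32},  # plugin whose hash is not in the report
    {"Image": r"C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Hashes": "SHA256=" + "11" * 32},
]

if __name__ == "__main__":
    for image, loaded, label in triage_image_loads(SAMPLE_IMAGE_LOADS):
        print(f"{label:22s} {loaded}")
```

To check a downloaded installer, call `hash_mismatches(hash_file("MicroSIP-3.21.3.exe"), REPORT_TARGET)`; anything other than an empty list means the file you hold is not the sample this report describes. A `nsis-plugin:unknown` label on a DLL under an `ns*.tmp` directory is the case worth a closer look, since the three plugin hashes above are what the analysed installer actually dropped.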