Analysis

  • max time kernel
    42s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 16:54

General

  • Target

    6e87d09fb03990385abd0c91d723a15472f7775799a2410c339a536e140074fa.exe

  • Size

    31.1MB

  • MD5

    3fa717ff26bdf951009ffc121a511d7e

  • SHA1

    783edb778aa28e13def1407f99c736ff7db1f99f

  • SHA256

    6e87d09fb03990385abd0c91d723a15472f7775799a2410c339a536e140074fa

  • SHA512

    fd5f69cd4fc56786a2cd9757a5f79da94e35955fa73a7645a9a71b36ac89d4675f3770dc02a873e4e644c2bbdfcd8303a5c5ef3bcd38a67800ebb4b1e7413f2c

  • SSDEEP

    786432:hyUxd3agz6VRNlHkWLX2MW+l7jhvKo51/7x4l5rp:NvOVLlHk0X2MWk7jXTx4Lrp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e87d09fb03990385abd0c91d723a15472f7775799a2410c339a536e140074fa.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6e87d09fb03990385abd0c91d723a15472f7775799a2410c339a536e140074fa.exe"
    • Loads dropped DLL
    PID: 1392

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\nsz83D2.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    b18dfaded8f6d2380fdfd8f6b6969211

    SHA1

    969fa0e906240ab1123254feeb833c275626cf76

    SHA256

    747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    SHA512

    25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

  • memory/1392-54-0x0000000075F61000-0x0000000075F63000-memory.dmp

    Filesize

    8KB