Overview

overview

7

Static

static

1

ee3780d8c6...f2.exe

windows7-x64

7

ee3780d8c6...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    189s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee3780d8c69d71578898611ea39bdb21674c156c18e79015c0f7c7b6407e2af2.exe

  • Size

    1.1MB

  • MD5

    44ed4d13c793fc5725615754bf4038d6

  • SHA1

    18dd66fd52082dd40135658df8540273810e3584

  • SHA256

    ee3780d8c69d71578898611ea39bdb21674c156c18e79015c0f7c7b6407e2af2

  • SHA512

    3f92b1246b4a74cb18d719ce753b77877e414c307ef17202e4e1fe847a12c360cd48f01546a4092608941982987ebc94e0c69de8c45a00bd75aa30631d285aeb

  • SSDEEP

    24576:MlO8+B8CocXJFmjNbfszqSZnU1D75t1mX4VMe17iNK+anG8J:gO8+BkGFeqqq8D75tEX4V7sYhG8J

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee3780d8c69d71578898611ea39bdb21674c156c18e79015c0f7c7b6407e2af2.exe
    "C:\Users\Admin\AppData\Local\Temp\ee3780d8c69d71578898611ea39bdb21674c156c18e79015c0f7c7b6407e2af2.exe"
    1⤵
    • Loads dropped DLL
    PID:1988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    3809b1424d53ccb427c88cabab8b5f94

    SHA1

    bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    SHA256

    426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    SHA512

    626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\System.dll
    Filesize

    10KB

    MD5

    32465a07028b927b22c38e642c2cb836

    SHA1

    309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    SHA256

    eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    SHA512

    9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\System.dll
    Filesize

    10KB

    MD5

    32465a07028b927b22c38e642c2cb836

    SHA1

    309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    SHA256

    eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    SHA512

    9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\System.dll
    Filesize

    10KB

    MD5

    32465a07028b927b22c38e642c2cb836

    SHA1

    309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    SHA256

    eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    SHA512

    9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    3691c07a4c5f9e12b96a61bd4b28002c

    SHA1

    831ea22da1971be4f33e86e96bcf66fa051739f0

    SHA256

    9d0b769ccf9eb460304302e2ce1958001089718baa58d9cf71f4ec3fce8f4922

    SHA512

    435de907053d68c970654992f1b4c8bbf651e722c1c206601fdfea7001bf15fb465d97127d90fbc73fa58a99e4e511fff2c85cb866d0216e80c518cf175eb5a6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsq61F7.tmp\checkini.dll
    Filesize

    3KB

    MD5

    45fd7b67f3183b68de285649a66cc716

    SHA1

    fa79355295f6f10768b37a0b11afa76d6288d8ef

    SHA256

    884b0c312085eedd45e5ccd06021de2e9afd3ca49b7565eb6c4e7ced5975280d

    SHA512

    8081b20483e1ab73ada7b0274bb54f337585063664e7a2bac866b655e5718d28a7828d829c879593b10f0f9fff85c16a7e83886106dadcf786793d203e37db5d

    Download Submit