cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
Size

6.2MB
MD5

3f4a8bc930a47fe501e592d873647e41
SHA1

6674969b26d18bd728fa007bb8c549a147ace4b0
SHA256

cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b
SHA512

70c3453ef283445a67d4125e9b9c5e943afe5f6e063d271bb80c5aed3560eeb263b69c6c5b10916301ef367e232636be5dd9b8dc26294ca23b437dfee53f83ac
SSDEEP

196608:L6eQ+qnZrsvK6jQCJEzEbC9e1yNkVMCso2tkB5:Ltxq2vK9CJEQbCQ17Vqc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 30 IoCs

Processes:

cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe

pid	process
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
1556	cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe
"C:\Users\Admin\AppData\Local\Temp\cc98d9cb7064e05b0f093ae6691a6e8827468042957af22e5b3192f26c97bb4b.exe"
1⤵
- Loads dropped DLL
PID:1556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\FileInfo.dll

Filesize
83KB

MD5
dcbf5f327bfbd7b8069d0cbac9c83581

SHA1
9d2d14590e07974821a4181d126f02e379f7c159

SHA256
710573fef6b2f6095b71b58e2b5316a84ab0b3857de06a66a626859b49a41cad

SHA512
89678dc3a071a52f0fe274851b415928eb4ae8c7ef97b980e9c137f5204d742108bf8fd22b8a373fe93e789854558bc23ed4e2a10d1ef2e5301be49f62b586d5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3D80.tmp\System.dll

Filesize
11KB

MD5
4cf3a81ab4579b30117c8a39a489d51d

SHA1
61af475e11e4e79e6a11e761fcb540d9c5eec0e9

SHA256
29f4a1c87161643e0ed5c46b46786d9a48437ec5dc6b99f4ff14037429e6e20a

SHA512
885d131304afbe92b9b0a16830b6b34c6b78e44f972c20aad63cf3695a400f2d82cf217753da2a2e5e399fdd5dd3306a257e9501a86884cad853e01ee125a664

Download Submit
memory/1556-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download