b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac

Analysis

max time kernel
24s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
Size

338KB
MD5

27abb6a2a6b5aabe08d47f39faa92d08
SHA1

5fe64b84b783c6345a145962eb5dabb1c3218709
SHA256

b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac
SHA512

e65ff4092ca85bf1f98e3e6575da962272bcc6a3c049d6b824af338020247961a6dddb839ca84220153c7e2f9515d72605ccb1212b32afeb722d1ca7531230e6
SSDEEP

6144:tQq4L5h2kQN6KSs+ZPN1gqO8mxxmxuSXDP4deHN5IxCA4gUjTTVF3xZIPVmY:8L5hLDJPN1g38mxxbSJQ9UjjxZWVR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe

pid	process
1240	b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
1240	b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
1240	b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
1240	b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
1240	b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe
"C:\Users\Admin\AppData\Local\Temp\b5659694ddd89e0e3677966b201a148d3d8ebb8a5fe99ba8b2ddb421d8829dac.exe"
1⤵
- Loads dropped DLL
PID:1240

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj3F92.tmp\BrandingURL.dll
Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3F92.tmp\Math.dll
Filesize
66KB

MD5
b140459077c7c39be4bef249c2f84535

SHA1
c56498241c2ddafb01961596da16d08d1b11cd35

SHA256
0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

SHA512
fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3F92.tmp\System.dll
Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3F92.tmp\inetc.dll
Filesize
20KB

MD5
134b93f8bd1f82cd2f1b06c878580703

SHA1
29cdbce7a2caf1f7e4d2a139c42336d490074665

SHA256
45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4

SHA512
f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3F92.tmp\nsDialogs.dll
Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
memory/1240-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1240-59-0x00000000003D0000-0x00000000003EA000-memory.dmp

Filesize
104KB

Download