be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235

Analysis

max time kernel
145s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
Size

5.0MB
MD5

691bbc6072724e44394ab6717da047f9
SHA1

523f28964101790d7967bdefae6aebab225b188a
SHA256

be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235
SHA512

720394fe73d579193f62f20c313bf55284f1aa17614755bd401bb948c5d2c77514591eb4f96d898cc19e884c51dea8d4de90c1a2a6b25b9d6e7a2e4bd5caa24d
SSDEEP

98304:od0jWZSpcVfLNfvvRelh27OG+4hvt0CEoMw4pVF/zsdKRkyDT9cb9k:xjWQyfBelhgObyBEoMw4hkyFcJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

Processes:

be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe

pid	process
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe

pid	process
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
3188	be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe

C:\Users\Admin\AppData\Local\Temp\be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe
"C:\Users\Admin\AppData\Local\Temp\be491952f53dd954dda3226fdfb09c52251be5cd543f406a78c42becdb4ad235.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\Banner.dll

Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\Button.dll

Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\Button.dll

Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\EmbedWeb.dll

Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\EmbedWeb.dll

Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\KPTool.dll

Filesize
18KB

MD5
ae60f7858d2318f81514e01b925f74ca

SHA1
292fe609aebc4f213c44d94a6c68dfb5a499f2ef

SHA256
9d7ffe7082c92d85522d82faa8767bc3ef744a85455c336f99b5e8e288a6cead

SHA512
9fb698c8f8154779e5957336eb57fb97c9bdf50f53245b353c21ae4a52b25b86f910fa6095e6ed74bf0812a4935df62903efe2079713e15c2168cdca6f0048be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\KPTool.dll

Filesize
18KB

MD5
ae60f7858d2318f81514e01b925f74ca

SHA1
292fe609aebc4f213c44d94a6c68dfb5a499f2ef

SHA256
9d7ffe7082c92d85522d82faa8767bc3ef744a85455c336f99b5e8e288a6cead

SHA512
9fb698c8f8154779e5957336eb57fb97c9bdf50f53245b353c21ae4a52b25b86f910fa6095e6ed74bf0812a4935df62903efe2079713e15c2168cdca6f0048be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\NSISdl.dll

Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\nsDialogs.dll

Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\sndsock.dll

Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvFCD5.tmp\sndsock.dll

Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
memory/3188-150-0x000000000A871000-0x000000000A875000-memory.dmp

Filesize
16KB

Download
memory/3188-153-0x000000000B271000-0x000000000B273000-memory.dmp

Filesize
8KB

Download
memory/3188-156-0x0000000000561000-0x0000000000563000-memory.dmp

Filesize
8KB

Download
memory/3188-138-0x000000000C941000-0x000000000C943000-memory.dmp

Filesize
8KB

Download
memory/3188-144-0x000000000C951000-0x000000000C954000-memory.dmp

Filesize
12KB

Download
memory/3188-135-0x000000000C931000-0x000000000C934000-memory.dmp

Filesize
12KB

Download