358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951

Analysis

max time kernel
258s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
Size

2.3MB
MD5

2a791c466a3fe634b642ac636c31ae75
SHA1

c291d5bae79149a2361daa69a39c29c23c564092
SHA256

358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951
SHA512

7a53537b11b79d4b335d4d3a4a4a8d6d7e6cc0231aa3021e0e49cb809530bab5e3923adc082358e6147fab3cf05db578b34d8336e19815823edcbd80b2a469af
SSDEEP

49152:AWt7/Nh9/wD6RJL+5ig7Q4Ztdxt2Z30TUszd/K/bXejnAik:pjiWJSYYZiZ30oszQ/zeD7k

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe

pid	process
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
4848	358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe
"C:\Users\Admin\AppData\Local\Temp\358633ea6e06f81de0af1c8ba2a774439c39073de012a0a50be28823a6d0f951.exe"
1⤵
- Loads dropped DLL
PID:4848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\inetc.dll

Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\inetc.dll

Filesize
20KB

MD5
4c01fdfd2b57b32046b3b3635a4f4df8

SHA1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e

SHA256
b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

SHA512
cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\md5dll.dll

Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\md5dll.dll

Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\md5dll.dll

Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7750.tmp\md5dll.dll

Filesize
8KB

MD5
97960d7a18662dac9cd80a8c5e3c794b

SHA1
4c28449cefa9af46bb7a63e9b9ea66a2de0ea287

SHA256
e0d1dc6e4c5cc13fb2db08fc741da0d08b315ebc8d3b53baa61552625d19b9c3

SHA512
1baab7b5378f3a396b31bf63b01b7905759c9f1d17d71882af63338d64eceda1884c947d93e4d9ef911bded1ef061043c873a88b8272f1aa296731aa745e756c

Download Submit
memory/4848-135-0x00000000039C0000-0x00000000039E6000-memory.dmp

Filesize
152KB

Download
memory/4848-143-0x0000000003A31000-0x0000000003A34000-memory.dmp

Filesize
12KB

Download