Overview

overview

9

Static

static

1

54418bd2d3...ef.exe

windows7-x64

9

54418bd2d3...ef.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    158s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54418bd2d37242c006969b729a6cce1a6311766f003f047d40b9b2cae4a7beef.exe

  • Size

    17.6MB

  • MD5

    8cc457b03bc3b4110b897d2c13074444

  • SHA1

    6228e00a43d4e486c5ac098221080fa887e99594

  • SHA256

    54418bd2d37242c006969b729a6cce1a6311766f003f047d40b9b2cae4a7beef

  • SHA512

    864fdd325d2cff2e0f3deec9062e841e34b72b7f9e352bfa4e5c36ee473f4295d901ec33b5421145874a6e0f4b67d771cc97d55f088ec8153c3bda1a373bc716

  • SSDEEP

    393216:4559ESPsUIX/L95+sTCp6N0QGpYM5Smjq4kseHBAYvwkrQXxl8dwC:M5t03D95Wp6NmCe751yAYFr0C

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54418bd2d37242c006969b729a6cce1a6311766f003f047d40b9b2cae4a7beef.exe
    "C:\Users\Admin\AppData\Local\Temp\54418bd2d37242c006969b729a6cce1a6311766f003f047d40b9b2cae4a7beef.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsvCA0E.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsvCA0E.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsvCA0E.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsvCA0E.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsvCA0E.tmp\nsProcess.dll
    Filesize

    4KB

    MD5

    05450face243b3a7472407b999b03a72

    SHA1

    ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    SHA256

    95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    SHA512

    f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\rtiC7AA.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\rtiC7AA.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/3140-135-0x00000000025B0000-0x0000000002623000-memory.dmp

    Filesize

    460KB

    Download

  • memory/3140-141-0x0000000002BD1000-0x0000000002BD3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3140-138-0x0000000000400000-0x00000000007DC000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3140-144-0x0000000002BE1000-0x0000000002BE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3140-137-0x00000000025B0000-0x0000000002623000-memory.dmp

    Filesize

    460KB

    Download

  • memory/3140-134-0x0000000000400000-0x00000000007DC000-memory.dmp

    Filesize

    3.9MB

    Download