c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
Size

109KB
MD5

c095f5529e8849396c278107f2463553
SHA1

518dde3cd7f0e05d94c02818652ab692237ae234
SHA256

c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a
SHA512

ec353a1528bf7d5b682ea3917b7a620713c1ca51460565f7378c3aa57ba58cc91414d971fda25958e9cc23b3f9968f489b36e603c4e52db8677374bd2e96449f
SSDEEP

3072:6gXdZt9P6D3XJOvVs76SB+ZP55fnPcHI1QHSnja05Ko:6e340G75+ZPPfnE2Qyn20Uo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

pid	process
3968	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
3968	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
3968	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
3968	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
3968	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

Processes:

c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://kr.yahoo.com/?ilc=105"	c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe

C:\Users\Admin\AppData\Local\Temp\c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe
"C:\Users\Admin\AppData\Local\Temp\c270c63fb17753fe63ef4138a49fc59abdde84140787eec4a8a9e09ddda97d8a.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
PID:3968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd69CC.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd69CC.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd69CC.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd69CC.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd69CC.tmp\UAC.dll

Filesize
13KB

MD5
29858669d7da388d1e62b4fd5337af12

SHA1
756b94898429a9025a04ae227f060952f1149a5f

SHA256
c24c005daa7f5578c4372b38d1be6be5e27ef3ba2cdb9b67fee15cac406eba62

SHA512
6f4d538f2fe0681f357bab73f633943c539ddc1451efa1d1bb76d70bb47aa68a05849e36ae405cc4664598a8194227fa7053de6dbce7d6c52a20301293b3c85f

Download Submit
memory/3968-135-0x0000000002A40000-0x0000000002A66000-memory.dmp

Filesize
152KB

Download
memory/3968-139-0x0000000002AC1000-0x0000000002AC4000-memory.dmp

Filesize
12KB

Download