Analysis

  • max time kernel
    109s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-11-2022 08:24

General

  • Target: 83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe
  • Size: 197KB
  • MD5: 2f42af87a036fe9cc529a26b1b952679
  • SHA1: 785ddf6fea515bba60977ab8c860a50ea29d0edb
  • SHA256: 83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde
  • SHA512: 33fe4ce0ccbe62a80985f620aeb0e17a4c69cebf386c2160fcec7ec17f217b91d5bdfdac56cf7f42249b93629412a4de0978745daab2bf1ab19f2c23d321a968
  • SSDEEP: 6144:+GC7W7BUOKGqcUz9PbOigL8QsartPXhb12NcNTM:0a7PKGqP9D5hmx6QQ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe
    "C:\Users\Admin\AppData\Local\Temp\83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\lzma.exe
      "C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\lzma.exe" "d" "C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\inst.dat" "C:\Users\Admin\AppData\Local\Temp\nsnCF4C.tmp\Launcher.exe"
      2⤵
      • Executes dropped EXE
      PID:4436
    • C:\Users\Admin\AppData\Local\Temp\nsnCF4C.tmp\83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe
      "C:\Users\Admin\AppData\Local\Temp\nsnCF4C.tmp\83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2080

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4C.tmp\83f08a8f38d8529120f9b78026c44946bf9a0e4e7891da6919d99a5c6f590cde.exe
    Filesize: 197KB
    MD5: f35b50dd2b3b9df2ba329dcdcec12ff6
    SHA1: 3432d5ae4719d34b56175bb002994ac389144aa7
    SHA256: 093903af16892bb6407f7af8b96b2be497d6829409dd7c7599160705c48e5266
    SHA512: 1fca4c9d593644b11cbb8759675e4ab0f6f9ae7cafc5b4e2aaa88d7b20974e30836e78ddc371872e9218ec3a1e06895845c7dcf0e22bf95e9782dc73995e05e5

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4C.tmp\Launcher.exe
    Filesize: 197KB
    MD5: f35b50dd2b3b9df2ba329dcdcec12ff6
    SHA1: 3432d5ae4719d34b56175bb002994ac389144aa7
    SHA256: 093903af16892bb6407f7af8b96b2be497d6829409dd7c7599160705c48e5266
    SHA512: 1fca4c9d593644b11cbb8759675e4ab0f6f9ae7cafc5b4e2aaa88d7b20974e30836e78ddc371872e9218ec3a1e06895845c7dcf0e22bf95e9782dc73995e05e5

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\DcryptDll.dll
    Filesize: 20KB
    MD5: d45d014aa896cde6704a160d7f4b075d
    SHA1: 9b73a0166b5d5d4b804496ad2f136a8368ccb372
    SHA256: fe327fc059bff3d0c598ee2e27a85d0641ba8ff9aefeda336701d676f3e086ea
    SHA512: b80c0f360dc53e57d0d5101f217f15fbb562e8c382c80189ba9ea45cbc5977e76ea93dc3b4ca296a6c06f1f8378513329b9043b535f8881987d30cad8c14f004

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\System.dll
    Filesize: 11KB
    MD5: 3e6bf00b3ac976122f982ae2aadb1c51
    SHA1: caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
    SHA256: 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
    SHA512: 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\inst.dat
    Filesize: 84KB
    MD5: b4d8328b28f1d4b19aecc8fa8a9f3418
    SHA1: de507d79f606c8ec3c4735d3fe9878e3592e6a0b
    SHA256: d5fb22492ac508dda29da634566d0f5c7b0d1911683de490698c84c022502bd4
    SHA512: 07174662ec1b0bf769bfc625261547453f753b89f419cf43ecd5c3aa77200ecc3362c699bb4215448580cae59f0c46df99ae685f021d39d1482da642c727780e

  • C:\Users\Admin\AppData\Local\Temp\nsnCF4D.tmp\lzma.exe
    Filesize: 131KB
    MD5: 38966a0e2d88da4cc4a39a83461c338f
    SHA1: f4d7d0440cf3ca6048f0f2e90501593629a25098
    SHA256: 8457ac5138561c2ac4bdc88be2caccb4ac023a4ac28fa2a34b21e501aae704e0
    SHA512: bc7e6e67c077b21c310d8f8579ba737dbee0a51aadefd7478289259a5a644dca29f5f30624e531e9e85a439ba84bfab5f26fa4632cf75164567f9a0f5475c55f

  • memory/2080-139-0x0000000000000000-mapping.dmp
  • memory/4436-133-0x0000000000000000-mapping.dmp