Overview

overview

7

Static

static

1

71ab3b5fd4...42.exe

windows7-x64

7

71ab3b5fd4...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 11:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    71ab3b5fd4b634d194a5408d0d453c02c534f1c113e75a59cbccc3146ef94942.exe

  • Size

    815KB

  • MD5

    4cb042dffb315d8b174911a436ebae96

  • SHA1

    dd03e478e2b4019d6c26a0297bb8b024080f1f08

  • SHA256

    71ab3b5fd4b634d194a5408d0d453c02c534f1c113e75a59cbccc3146ef94942

  • SHA512

    137539a1562373de6a512d33b49e14317a7416aa71d748b124808ac8b339eeaff147957f86dd4800604d9ca76da676f73eb0d1970f04cedff352c8ebbdeb679d

  • SSDEEP

    12288:GyFtDfHdZLfbI4gvFDMef2DbnGlsIHqjwnSOCo/1Mqvn1Y9OKisNd:GYHbTDgptevnGls+Uwn2o/1v1YYuNd

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71ab3b5fd4b634d194a5408d0d453c02c534f1c113e75a59cbccc3146ef94942.exe
    "C:\Users\Admin\AppData\Local\Temp\71ab3b5fd4b634d194a5408d0d453c02c534f1c113e75a59cbccc3146ef94942.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1504

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nso6F39.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

          Download Submit

        • memory/1504-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

          Filesize

          8KB

          Download