Analysis

  • max time kernel
    41s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-11-2022 12:27

General

  • Target

    906de8f0b06308495c7bf7cbe038e14950221867d33430019aab000118b25f0a.exe

  • Size

    5.1MB

  • MD5

    96b9ce6ac02f0631496e86fd264636f2

  • SHA1

    e1d38783f6cab2d764f232158c073f230116713e

  • SHA256

    906de8f0b06308495c7bf7cbe038e14950221867d33430019aab000118b25f0a

  • SHA512

    bac4169b1e9e09ce47bb6dfea3c0c719e16539a3c782d36fa453d47d04b9c3bbdec143851f847d17ceab27b4cf0056c0c959d16fbda385566e5f66c538bb478e

  • SSDEEP

    98304:y72K8Zq6sz5kzeq73OJRxSgwSKklhp7qfKx5aQQTuw9anjqFeu5AbbjzILW:VKae5Lq73ErwQZAA59QTbhcIibjzf

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\906de8f0b06308495c7bf7cbe038e14950221867d33430019aab000118b25f0a.exe
    "C:\Users\Admin\AppData\Local\Temp\906de8f0b06308495c7bf7cbe038e14950221867d33430019aab000118b25f0a.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1632

Network

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\nsyF8A3.tmp\FindProcDLL.dll
    Filesize: 3KB
    MD5: 8614c450637267afacad1645e23ba24a
    SHA1: e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
    SHA256: 0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
    SHA512: af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

  • \Users\Admin\AppData\Local\Temp\nsyF8A3.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 325b008aec81e5aaa57096f05d4212b5
    SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
    SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
    SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

  • \Users\Admin\AppData\Local\Temp\nsyF8A3.tmp\KillProcDLL.dll
    Filesize: 4KB
    MD5: 99f345cf51b6c3c317d20a81acb11012
    SHA1: b3d0355f527c536ea14a8ff51741c8739d66f727
    SHA256: c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
    SHA512: 937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

  • \Users\Admin\AppData\Local\Temp\nsyF8A3.tmp\System.dll
    Filesize: 11KB
    MD5: c17103ae9072a06da581dec998343fc1
    SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • memory/1632-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
    Filesize: 8KB

  • memory/1632-57-0x0000000000A10000-0x0000000000A13000-memory.dmp
    Filesize: 12KB

  • memory/1632-60-0x0000000000A10000-0x0000000000A13000-memory.dmp
    Filesize: 12KB