Analysis
max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 12:35
Static task: static1
Behavioral task: behavioral1
Sample: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce.exe
Resource: win10v2004-20220901-en
General
Target: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce.exe
Size: 2.1MB
MD5: 37fa9f3186334ce2cc3f2c64fb0b4f5a
SHA1: 29aaf3d9b02ab848ca54064f924226f9094eeee5
SHA256: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce
SHA512: bc72ff3d9d683856af8d1a152f238315084f687424674b6f3000086ba9acfbc3a36a36f8d68654d42f2335a551c1a945f24b8794795e39d45f6f43424d7c2cf9
SSDEEP: 49152:lcUPV7ov7LGrF1qvUlOXLLbepM+Vl+9S9Gym8b2xhY5oYSj:lcs07LGyvUYbepM+VltyxhY5xE
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce.exe (pid: 2308, process: 783f36472e0cd9de5860a2a6187dd81cdcb1b979bc3cac05a3b8e08bfa9e57ce.exe)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\nshB358.tmp\InstallOptions.dll
Filesize: 14KB
MD5: 32aa6334fc543e70ef0f792bb9a0c45a
SHA1: 54be1f5004f7e5afe7c9ba160495076ea2a4d60c
SHA256: 610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2
SHA512: ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae