Analysis
max time kernel: 233s
max time network: 336s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 12:42
Static task: static1
Behavioral task: behavioral1
  Sample: 5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
  Resource: win10v2004-20220901-en
General
Target: 5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
Size: 6.7MB
MD5: 0ee8ec9b20851bb35b4f3c5e3bf6f1d6
SHA1: e6616321da6aef8849ec3c43fc3757373283b7d4
SHA256: 5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09
SHA512: 7aaa2705832cc2090d096ab31515f594fee79b87166828de5406e08c6fd375351c5c579cb2d917aab7767e9d9596fa09641dbda1a75578a88c1bb659c3c0a9fe
SSDEEP: 196608:MCpBDIGImMSEVmF2gKdBcgPjeMUPAIBa2qpOmQI3ILO:/pB9f42jKdBcgbb+AIBa7O2YLO
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
Processes:
  resource                                                                     yara_rule
  \Users\Admin\AppData\Local\Temp\nspFF87.tmp\Aero.dll                         acprotect
  behavioral1/memory/940-56-0x0000000074C00000-0x0000000074C09000-memory.dmp   acprotect
Processes:
  resource                                                                     yara_rule
  \Users\Admin\AppData\Local\Temp\nspFF87.tmp\Aero.dll                         upx
  behavioral1/memory/940-56-0x0000000074C00000-0x0000000074C09000-memory.dmp   upx
Loads dropped DLL 2 IoCs
Processes:
  pid   process
  940   5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
  940   5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
  pid   process
  940   5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
\Users\Admin\AppData\Local\Temp\nspFF87.tmp\Aero.dll
  Filesize: 6KB
  MD5: 869c5949a10b32d3a31966cc5291301b
  SHA1: 329080c974d593ecdefd02afa38dd663a10331c4
  SHA256: b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c
  SHA512: 3b9dde16e9ca803b1048243dbf29c717ac0472dffa764542c234318a960828834aa650b1dfb8bba66c4e7a9ce3aaf453829afc57dfb33dc8c311d203150d4fca
\Users\Admin\AppData\Local\Temp\nspFF87.tmp\nsDialogs.dll
  Filesize: 9KB
  MD5: cbc54333f7004cc35e081a109cf2395f
  SHA1: aaee376371b49670c941ca12d9af2f16bef6646c
  SHA256: b45c6b8482c42bf061160f474efb75db545391b8d5c19cf84b3918548d8e1cf6
  SHA512: 8a60ecde8c1b181b78a05b676dd0c7ca15b04f3c0d376ac2b08f266a9ce367caa94117db4637c940dc55a91696ceee97c88b70adfc8bcf69eab6643263e7041c
memory/940-54-0x0000000076391000-0x0000000076393000-memory.dmp
  Filesize: 8KB
memory/940-56-0x0000000074C00000-0x0000000074C09000-memory.dmp
  Filesize: 36KB