Analysis

  • max time kernel
    86s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2022 12:42

General

  • Target

    5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe

  • Size

    6.7MB

  • MD5

    0ee8ec9b20851bb35b4f3c5e3bf6f1d6

  • SHA1

    e6616321da6aef8849ec3c43fc3757373283b7d4

  • SHA256

    5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09

  • SHA512

    7aaa2705832cc2090d096ab31515f594fee79b87166828de5406e08c6fd375351c5c579cb2d917aab7767e9d9596fa09641dbda1a75578a88c1bb659c3c0a9fe

  • SSDEEP

    196608:MCpBDIGImMSEVmF2gKdBcgPjeMUPAIBa2qpOmQI3ILO:/pB9f42jKdBcgbb+AIBa7O2YLO

Score
9/10
Tag: upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects a file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but the same drive enumeration is routine for installers and other benign software, so on its own it is a weak indicator.
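
The "UPX packed file" signature above is a static check on the PE header. The Python script below is an added illustration, not the sandbox's own detection code: it walks the section table, flags the stock UPX0/UPX1/UPX2 section names, and falls back to two structural heuristics (a first section with virtual size but no raw data, and a high-entropy payload section) that still fire on a "modified UPX" build with renamed sections. It also computes MD5/SHA1/SHA256 in the form the report lists them. Both test images are constructed inside the script with a deterministic pseudo-random payload; the function names, the 7.0-bit entropy threshold and the minimal PE builder are assumptions of this example and come from nothing in the report.

```python
import hashlib
import math
import struct
from collections import Counter

# Section names written by stock UPX. Modified builds often rename them, so the
# structural checks below (empty first section, high-entropy payload section)
# are evaluated as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

def file_hashes(data: bytes) -> dict:
    """Digests in the form the report lists them (lowercase hex)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def parse_sections(data: bytes) -> list:
    """Walk the PE section table; return (name, virtual_size, raw_size, raw_ptr) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, raw_size, raw_ptr))
    return sections

def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def upx_indicators(data: bytes) -> dict:
    """Name check plus two structural heuristics; 'packed' is the combined verdict."""
    sections = parse_sections(data)
    _, first_vsize, first_raw, _ = sections[0]
    payload = max(sections, key=lambda s: s[2])            # largest raw section holds the packed body
    entropy = shannon_entropy(data[payload[3]:payload[3] + payload[2]])
    has_upx_names = any(s[0] in UPX_SECTION_NAMES for s in sections)
    empty_first = first_raw == 0 and first_vsize > 0       # UPX0: reserved in memory, absent on disk
    return {"sections": [s[0].decode("ascii", "replace") for s in sections],
            "upx_section_names": has_upx_names,
            "empty_first_section": empty_first,
            "payload_entropy": round(entropy, 2),
            "packed": has_upx_names or (empty_first and entropy > 7.0)}   # 7.0 is an assumed threshold

def build_pe(sections) -> bytes:
    """Assemble a minimal PE32 (DOS header, COFF header, zeroed optional header,
    section table, raw data) for testing; the images are constructed, not real samples."""
    opt_size, e_lfanew = 0xE0, 0x40
    header_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = raw_ptr = (header_end + 0x1FF) & ~0x1FF    # 512-byte file alignment
    table, blobs, vaddr = b"", b"", 0x1000
    for name, vsize, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(payload),
                             raw_ptr if payload else 0, 0, 0, 0, 0, 0x60000020)
        blobs += payload
        raw_ptr += len(payload)
        vaddr += (max(vsize, 1) + 0xFFF) & ~0xFFF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    return (dos + coff + opt + table).ljust(first_raw, b"\0") + blobs

def pseudo_random(n: int, seed: bytes = b"upx-demo") -> bytes:
    """Deterministic high-entropy bytes standing in for a compressed payload."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Constructed test images: one shaped like a UPX output, one like a plain build.
PACKED_SAMPLE = build_pe([(b"UPX0", 0x10000, b""),
                          (b"UPX1", 0x4000, pseudo_random(8192)),
                          (b".rsrc", 0x200, b"\0" * 512)])
PLAIN_SAMPLE = build_pe([(b".text", 0x1000, b"\xc3" * 2048 + b"\x90" * 2048),
                         (b".data", 0x1000, b"\0" * 512)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, file_hashes(blob)["sha256"], upx_indicators(blob))
```

To run it against the real sample, read the file into `data` and call `upx_indicators(data)`; compare `file_hashes(data)["sha256"]` with the SHA256 above first to be sure you are looking at the same bytes the sandbox did. The name check is the cheap, precise signal; the structural heuristics are what catch a repacked build whose author only renamed the sections.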

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe
    "C:\Users\Admin\AppData\Local\Temp\5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe"
    • Loads dropped DLL
    PID:2732

Network

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1

Downloads (dropped files and memory dumps)

  • C:\Users\Admin\AppData\Local\Temp\nsrE65F.tmp\Aero.dll
    Filesize

    6KB

    MD5

    869c5949a10b32d3a31966cc5291301b

    SHA1

    329080c974d593ecdefd02afa38dd663a10331c4

    SHA256

    b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c

    SHA512

    3b9dde16e9ca803b1048243dbf29c717ac0472dffa764542c234318a960828834aa650b1dfb8bba66c4e7a9ce3aaf453829afc57dfb33dc8c311d203150d4fca

  • C:\Users\Admin\AppData\Local\Temp\nsrE65F.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    cbc54333f7004cc35e081a109cf2395f

    SHA1

    aaee376371b49670c941ca12d9af2f16bef6646c

    SHA256

    b45c6b8482c42bf061160f474efb75db545391b8d5c19cf84b3918548d8e1cf6

    SHA512

    8a60ecde8c1b181b78a05b676dd0c7ca15b04f3c0d376ac2b08f266a9ce367caa94117db4637c940dc55a91696ceee97c88b70adfc8bcf69eab6643263e7041c

  • memory/2732-134-0x00000000750F0000-0x00000000750F9000-memory.dmp
    Filesize

    36KB
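
The "Loads dropped DLL" signature together with the dropped files listed above is the behaviour worth turning into a detection: the sample writes Aero.dll and nsDialogs.dll into a fresh ns*.tmp folder under the user's Temp directory and loads them from there. The Python below is an added example, not code from the sandbox or the report, showing one way to do that over Sysmon Event ID 7 (Image loaded) records: an exact match on the two SHA256 digests listed above, plus a path rule for any DLL loaded from a Temp\ns*.tmp directory, weighted by whether the DLL is signed. The events are constructed to mirror the report (PID 2732 and the paths and digests above); the kernel32 and System.dll digests, the second process, the Signed values and the severity labels are placeholders and assumptions of this example.

```python
import re

# SHA256 of the two DLLs the report lists as dropped into %TEMP%\nsrE65F.tmp
# and loaded by PID 2732. Exact-hash matching is precise but brittle; the path
# rule below is what carries over to the next build of the same dropper.
DROPPED_DLL_SHA256 = {
    "b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c": "Aero.dll",
    "b45c6b8482c42bf061160f474efb75db545391b8d5c19cf84b3918548d8e1cf6": "nsDialogs.dll",
}

# A DLL loaded out of a ns<id>.tmp folder under the user's Temp directory, the
# path shape seen in the report. Assumption: Windows paths, matched case-insensitively.
TEMP_PLUGIN_DLL = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\ns[a-z0-9]+\.tmp\\[^\\]+\.dll$", re.I)

def parse_hashes(field: str) -> dict:
    """Sysmon packs digests as 'MD5=..,SHA256=..,IMPHASH=..'; key them by algorithm."""
    return {k.strip().upper(): v.strip().lower()
            for k, v in (part.split("=", 1) for part in field.split(",") if "=" in part)}

def classify_image_load(event: dict):
    """Return (severity, reason) for a Sysmon Event ID 7 record, or None if uninteresting."""
    if event.get("EventID") != 7:
        return None
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "")
    if sha256 in DROPPED_DLL_SHA256:
        return ("high", "loaded %s (SHA256 listed in the sandbox report)" % DROPPED_DLL_SHA256[sha256])
    if TEMP_PLUGIN_DLL.match(event.get("ImageLoaded", "")):
        if str(event.get("Signed", "false")).lower() != "true":
            return ("medium", "unsigned DLL loaded from a Temp ns*.tmp directory")
        return ("low", "signed DLL loaded from a Temp ns*.tmp directory")
    return None

def triage_image_loads(events) -> list:
    """Run classify_image_load over a batch of events and keep the hits."""
    findings = []
    for ev in events:
        verdict = classify_image_load(ev)
        if verdict:
            findings.append({"pid": ev.get("ProcessId"), "image": ev.get("Image"),
                             "loaded": ev.get("ImageLoaded"),
                             "severity": verdict[0], "reason": verdict[1]})
    return findings

# Constructed events mirroring the report's process tree and dropped files.
# Not real Sysmon output; the kernel32 and System.dll digests are dummies.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\5b387c2f5098e552e539af50d496fa0b81668d43612b7ba0c9c5c4de11116a09.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 2732, "Image": SAMPLE_EXE,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Hashes": "SHA256=" + "00" * 32, "Signed": "true"},
    {"EventID": 7, "ProcessId": 2732, "Image": SAMPLE_EXE,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nsrE65F.tmp\nsDialogs.dll",
     "Hashes": "MD5=cbc54333f7004cc35e081a109cf2395f,"
               "SHA256=b45c6b8482c42bf061160f474efb75db545391b8d5c19cf84b3918548d8e1cf6",
     "Signed": "false"},
    {"EventID": 7, "ProcessId": 2732, "Image": SAMPLE_EXE,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nsrE65F.tmp\Aero.dll",
     "Hashes": "MD5=869c5949a10b32d3a31966cc5291301b,"
               "SHA256=b19961de6ca07e08704d6372718542f70dbbb203e59bf9bbe3a58f6e069a625c",
     "Signed": "false"},
    # A hypothetical second installer: unknown hash, same path shape.
    {"EventID": 7, "ProcessId": 4100, "Image": r"C:\Users\Admin\Downloads\other-setup.exe",
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\nsa1B2C.tmp\System.dll",
     "Hashes": "SHA256=" + "11" * 32, "Signed": "false"},
    {"EventID": 1, "ProcessId": 2732, "Image": SAMPLE_EXE},   # process creation, not an image load
]

if __name__ == "__main__":
    for f in triage_image_loads(SAMPLE_EVENTS):
        print(f["severity"], f["pid"], f["loaded"], "-", f["reason"])
```

The path rule will also fire on legitimate installers that unpack plugin DLLs into a Temp ns*.tmp folder the same way, so treat it as a hunting signal to enrich with signer, parent process and the dropper's own hash rather than as a blocking rule; the hash matches are the ones you can act on directly.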