32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b

Analysis

max time kernel
149s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 22:06

Target

32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b.exe
Size

6.7MB
MD5

6d1939c0481706275f6ed999e079afd5
SHA1

054f1e4dd97a18a70e5043bd5dd280229fea4a58
SHA256

32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b
SHA512

8ef79d3f808548e2b4defd6a8b18e691fa8dace132874670b10f850746e99e04776e5ff4130438052ccf0f9445e63b2a86c9e85cf177ff30edd3e5b945e4264c
SSDEEP

196608:eqRAyS/P1RWqEOdyoY7TUPfyW5AcYEB5n3qB4l:eqRuP1RXdDYPUnBiczBlaK

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
3836	32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b.exe
"C:\Users\Admin\AppData\Local\Temp\32e966acc96ebe2eb8da331573f8271042b26b7e922a5b12b724afa6e749a81b.exe"
1⤵
- Loads dropped DLL
PID:3836

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsqB08A.tmp\g.dll

Filesize
538KB

MD5
e6a8f9155f9fa755328c80ebf8c046c7

SHA1
6c58bc63595bfd291c410206e38f2ca6ac6431ed

SHA256
ae6482dc7114d1358d79783df4b890edef8457183d677fc742e12d7f28aa934e

SHA512
4f9e4e49cfaddd55923268ccc647578d18df879ef709bc617d4573b2582ce9060218a0f673635c6e320ce1453c9312ae5c0742f17524766983b7cda940d5ad1d

Download Submit