ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500

Analysis

max time kernel
50s
max time network
75s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 16:16

Target

ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500.exe
Size

43KB
MD5

5280e1204cd6be455a6323a17f1a46cc
SHA1

7694f2e9d0c6fe6613708bd65912820880c44903
SHA256

ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500
SHA512

3054c0f7a3229e84dcc1bf132a68350239b3cb17f2139a101c5fefc59728f9657d77cbc57a49609c2b67b97709dc10b04447ae598c031762d25ff76159093054
SSDEEP

768:eD8DmvBQCpx0UmNX2AD8+PiC5YGTN3c+t38xFKb0D3j1fT3XJEdThEaIH0WKU8LB:c8DE/p+FNX2AdvND8fKb0DlXJEJhEjUV

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1636	ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500.exe
"C:\Users\Admin\AppData\Local\Temp\ba4a3e4f92395f76b18f020e961b31581b2944172a91d68e2140ab6e27241500.exe"
1⤵
- Loads dropped DLL
PID:1636

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsj9704.tmp\nsisdl.dll

Filesize
14KB

MD5
00cc8456bdaa5b8356ade9d7910872fb

SHA1
6996cfbc0e12ac89d71f17eab170df8ccc86b1b6

SHA256
da9ed6fe10fbd507eac842883bbd07025f786cd6afc2855bb0bb51fe757956a6

SHA512
3b94adb44866a7c121457d8bc1689637f60e29e54927032f4fc78d68cf2b0feabc1e6dc1d2413b36f3af4f27933e6bd63156e93748870957f9d30dde353596ba

Download Submit
memory/1636-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download