Analysis

  • max time kernel
    325s
  • max time network
    349s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/11/2022, 22:07 UTC

General

  • Target

    37f9625566cb749a01c9e3ec841e7f5347e49285318aa87dd1664bedbdef46f0.exe

  • Size

    2.5MB

  • MD5

    76fd84396f648fc5ca154519b5338c3b

  • SHA1

    842ca29c58d3efb693a7480db757014f48773fe2

  • SHA256

    37f9625566cb749a01c9e3ec841e7f5347e49285318aa87dd1664bedbdef46f0

  • SHA512

    c4c6f1ac0882dd3e08944af7bd4d74be975b4288df0bbe1cce465ee1de8766287ca938dc90317adf89178b0ff1fb18105ca8d31745548fe8e5be4fec23d92e29

  • SSDEEP

    49152:6dez6Pw3bixNqcfn5NUo8UGi7mobp1LTel7f5suulhhdNUfanPFq:PwGbKNFxNTsumYvv0T5ghHEiFq

Score
7/10

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\37f9625566cb749a01c9e3ec841e7f5347e49285318aa87dd1664bedbdef46f0.exe
    "C:\Users\Admin\AppData\Local\Temp\37f9625566cb749a01c9e3ec841e7f5347e49285318aa87dd1664bedbdef46f0.exe"
    • Loads dropped DLL
    PID:4636

Network

  • DNS
    14.110.152.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.110.152.52.in-addr.arpa
    IN PTR
    Response
Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp2B92.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • C:\Users\Admin\AppData\Local\Temp\nsp2B92.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

  • memory/4636-135-0x0000000000911000-0x0000000000913000-memory.dmp

    Filesize

    8KB
