Overview

overview

7

Static

static

f021e67cc6...c5.exe

windows7-x64

7

f021e67cc6...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 04:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f021e67cc65144417b890e7427abe863aca6baba250718fa01323398ee46b3c5.exe

  • Size

    114KB

  • MD5

    cc6473586179fdf17ea5586e3b87ede6

  • SHA1

    f0cddce0fc17cc961956389a5dfb88248f681088

  • SHA256

    f021e67cc65144417b890e7427abe863aca6baba250718fa01323398ee46b3c5

  • SHA512

    b97d8a50034e26e4fe6c2937413785fe41cbf25fc35577e6068f7d4b63541061c01e0f5d70ed0e25d7c9033b06b5ce0309f07c50de0cdc652acdbc5d6876ed15

  • SSDEEP

    1536:20YBsBE3ain2Q5xq10DZYzI2L7JbMkqq/uzEfkZtC:rnBTi2CRDZYzI2L7Oj2ke

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f021e67cc65144417b890e7427abe863aca6baba250718fa01323398ee46b3c5.exe
    "C:\Users\Admin\AppData\Local\Temp\f021e67cc65144417b890e7427abe863aca6baba250718fa01323398ee46b3c5.exe"
    1⤵
    • Loads dropped DLL
    PID:4308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi8F26.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    1128ee61dffa0a97d30b2f828235b289

    SHA1

    b552f3d4f13894f2f30fb446893093ca78fe149c

    SHA256

    1e33decac84bdd2b3a651c969258f8e6c90616e9ec35de6ab4f402709555ce4c

    SHA512

    d470356be436997fc53c17b8546cc80b187538ad2f258788761b92c28d91ef733fe6d8b3b33c353d84d1e0ae089207efd1ebfde33a6d33d5a341960e7bcfc8f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi8F26.tmp\nsisdl.dll
    Filesize

    15KB

    MD5

    dd893b05df4fae0be652dfb188cd02d1

    SHA1

    a93eed746ad7c87e84e95594b928236eac4c6aed

    SHA256

    334697f5ae532cbd6274a17f2009d21acdece8e21735cb16cf2c09262be7cfa2

    SHA512

    baaa24e1deea742298ed4a361f70b568106fe462b71689b6394daa805ae898f246b4d417a176f66aec192ae0d64bafee555bb95388e02d3304b4a73a2f2f42f4

    Download Submit