548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe

General

Target

548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
Size

19.6MB
MD5

502ed05e5885cb34ccdbe3bf2b1a92b3
SHA1

b6a858bf260b848f4d0bc1295c734e316f0c3ed3
SHA256

548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe
SHA512

ca08e23bfba99526c8a873c8a1b4091aed651c654432c0f9b6645afba679f12dc523cc789e381d9f41b407483360708ae78e38b46616ca753fa0e6db974ececd
SSDEEP

393216:Cbj/h0bVocYx9f2nnoQNB+bXQ5RF+WhuMUf4EU6N47sBQlB8:CbyYxNwoQNB+oF+WwAJE47s4B8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
1724	548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe

C:\Users\Admin\AppData\Local\Temp\548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe
"C:\Users\Admin\AppData\Local\Temp\548bc22d5a93518f7248513409f6e3fb2b3a2ec5baebd8432bfd304701733efe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsy931E.tmp\FindProcDLL.dll

Filesize
27KB

MD5
6f73b00aef6c49eac62128ef3eca677e

SHA1
1b6aff67d570e5ee61af2376247590eb49b728a1

SHA256
6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9

SHA512
678fc4bf7d345eeb99a3420ec7d0071eaba302845e93b48527d9a2a9c406709cc44ec74d6a889e25a8351a463803f8713a833df3a1707a5ad50db05240a32938

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\nsDialogs.dll

Filesize
325KB

MD5
14a2baa31f6641f9228a74d5db18fb96

SHA1
b4b1c38f09efc2b74b4cd8fd5cd28e6b11dffbd6

SHA256
5491b53f9286a0a62140080eed9fb1d0d70c09a29039b1b841b8aff2134623fa

SHA512
61d0867d925e141f0ed9866d3613a02ca891880843e87c40e3f8edb289569fc17850c0b81d0a27d02c714e66bf0e178b2753b38db09d8f3f0669470f9f43e4a3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\nsDialogs.dll

Filesize
325KB

MD5
14a2baa31f6641f9228a74d5db18fb96

SHA1
b4b1c38f09efc2b74b4cd8fd5cd28e6b11dffbd6

SHA256
5491b53f9286a0a62140080eed9fb1d0d70c09a29039b1b841b8aff2134623fa

SHA512
61d0867d925e141f0ed9866d3613a02ca891880843e87c40e3f8edb289569fc17850c0b81d0a27d02c714e66bf0e178b2753b38db09d8f3f0669470f9f43e4a3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\nsDialogs.dll

Filesize
325KB

MD5
14a2baa31f6641f9228a74d5db18fb96

SHA1
b4b1c38f09efc2b74b4cd8fd5cd28e6b11dffbd6

SHA256
5491b53f9286a0a62140080eed9fb1d0d70c09a29039b1b841b8aff2134623fa

SHA512
61d0867d925e141f0ed9866d3613a02ca891880843e87c40e3f8edb289569fc17850c0b81d0a27d02c714e66bf0e178b2753b38db09d8f3f0669470f9f43e4a3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\nsDialogs.dll

Filesize
325KB

MD5
14a2baa31f6641f9228a74d5db18fb96

SHA1
b4b1c38f09efc2b74b4cd8fd5cd28e6b11dffbd6

SHA256
5491b53f9286a0a62140080eed9fb1d0d70c09a29039b1b841b8aff2134623fa

SHA512
61d0867d925e141f0ed9866d3613a02ca891880843e87c40e3f8edb289569fc17850c0b81d0a27d02c714e66bf0e178b2753b38db09d8f3f0669470f9f43e4a3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy931E.tmp\nsDialogs.dll

Filesize
325KB

MD5
14a2baa31f6641f9228a74d5db18fb96

SHA1
b4b1c38f09efc2b74b4cd8fd5cd28e6b11dffbd6

SHA256
5491b53f9286a0a62140080eed9fb1d0d70c09a29039b1b841b8aff2134623fa

SHA512
61d0867d925e141f0ed9866d3613a02ca891880843e87c40e3f8edb289569fc17850c0b81d0a27d02c714e66bf0e178b2753b38db09d8f3f0669470f9f43e4a3

Download Submit
memory/1724-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1724-59-0x0000000000630000-0x000000000063A000-memory.dmp

Filesize
40KB

Download
memory/1724-61-0x0000000001F20000-0x0000000001F78000-memory.dmp

Filesize
352KB

Download

Analysis

Sharing