84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb

Analysis

max time kernel
123s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 02:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
Size

98KB
MD5

ef210fbd50443ebdc3fadc7a918a6ef1
SHA1

fa0cbc853943e3c21db747238d1ea3f529008021
SHA256

84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb
SHA512

9829bf6d95a867398744526a8d20d921f91ca98179abb156f3deb0c6c2b3656120183537e96f6b21d55c7bd38c022a647aba11c0575e4bf7a75d3b296abeab44
SSDEEP

3072:aM1BjoYNXoKDIJBXJPwj8uZSPV0A3vL57yRx6OIftLLDYfq:aMMYNXqBBwj8iSPVx3T57Lh0S

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1780	84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
1780	84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
1780	84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
1780	84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
1780	84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe
"C:\Users\Admin\AppData\Local\Temp\84c7ee0110740b10c3f9c1b58c631036cce9f8404e2e5ec2aca0f80a21aa5fdb.exe"
1⤵
- Loads dropped DLL
PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsnDAC6.tmp\H9Js9jw.dll

Filesize
153KB

MD5
5585237695180923311865974b764070

SHA1
9fba44438cc945233755828d61c5b02982e76a9e

SHA256
e2ed3317dde9641daf05ec7f152e7e81390ffd9b250c2b8a718770945472a147

SHA512
b43e4348d40432a13f1d79f23e4aaf7cc3623771e63cc89c38694180c44634d8309f7c7d045dee8e7d53155dfcc0357feac5518106d4280ed42fe5bc781d80ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnDAC6.tmp\H9Js9jw.dll

Filesize
153KB

MD5
5585237695180923311865974b764070

SHA1
9fba44438cc945233755828d61c5b02982e76a9e

SHA256
e2ed3317dde9641daf05ec7f152e7e81390ffd9b250c2b8a718770945472a147

SHA512
b43e4348d40432a13f1d79f23e4aaf7cc3623771e63cc89c38694180c44634d8309f7c7d045dee8e7d53155dfcc0357feac5518106d4280ed42fe5bc781d80ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnDAC6.tmp\H9Js9jw.dll

Filesize
153KB

MD5
5585237695180923311865974b764070

SHA1
9fba44438cc945233755828d61c5b02982e76a9e

SHA256
e2ed3317dde9641daf05ec7f152e7e81390ffd9b250c2b8a718770945472a147

SHA512
b43e4348d40432a13f1d79f23e4aaf7cc3623771e63cc89c38694180c44634d8309f7c7d045dee8e7d53155dfcc0357feac5518106d4280ed42fe5bc781d80ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnDAC6.tmp\H9Js9jw.dll

Filesize
153KB

MD5
5585237695180923311865974b764070

SHA1
9fba44438cc945233755828d61c5b02982e76a9e

SHA256
e2ed3317dde9641daf05ec7f152e7e81390ffd9b250c2b8a718770945472a147

SHA512
b43e4348d40432a13f1d79f23e4aaf7cc3623771e63cc89c38694180c44634d8309f7c7d045dee8e7d53155dfcc0357feac5518106d4280ed42fe5bc781d80ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnDAC6.tmp\System.dll

Filesize
11KB

MD5
883eff06ac96966270731e4e22817e11

SHA1
523c87c98236cbc04430e87ec19b977595092ac8

SHA256
44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

SHA512
60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

Download Submit