0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a

Analysis

max time kernel
81s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe
Size

226KB
MD5

4c3680385396182b70675d780200b9ab
SHA1

81841e8e6fcf77f0977f644a048e9545b1981b5d
SHA256

0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a
SHA512

11e3a92c74713392a110b7efa2c25335e629a652fa2f2a3333e6d43499b64ff337d4dabc162fe1dcce3a1a1fcaf92e271e58108c253e47f892f142b0faba73a5
SSDEEP

6144:CJtUK/n0bR3tjiXpANAiP+Y1PU9jMk9SE+aLT:CJtL/nKt+Yuv9Sdan

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0001000000022e00-134.dat	acprotect
behavioral2/memory/1884-135-0x0000000074420000-0x0000000074429000-memory.dmp	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0001000000022e00-134.dat	upx
behavioral2/memory/1884-135-0x0000000074420000-0x0000000074429000-memory.dmp	upx

Loads dropped DLL 4 IoCs

pid	Process
1884	0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe
1884	0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe
1884	0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe
1884	0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe
"C:\Users\Admin\AppData\Local\Temp\0a6a283cdfde063f3401ed9bdb50763d6fb094d84686031abac590bf61824f3a.exe"
1⤵
- Loads dropped DLL
PID:1884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsfD4DB.tmp\System.dll

Filesize
23KB

MD5
f56835dc4234fc299d1d955801e0d2d0

SHA1
751084b7b9819f3f4eaf1d6c0f3b9a7323a8061c

SHA256
70de74c6bfb6edea88295acb4927edf119ec6471bee0084b849b95bd164530e3

SHA512
00017f0d0cd8627638a2602cc92b647f844d488e0ea52f4f78dd96e115b5dd46a9e3140150d495a57aae1805f7d59b5767e659026383691ade363630bbf7427b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD4DB.tmp\inetc.dll

Filesize
25KB

MD5
29e2dcdfb57ee3ab5e2bbc2fc3c42f02

SHA1
bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

SHA256
2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

SHA512
f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD4DB.tmp\nsDialogs.dll

Filesize
11KB

MD5
d90beb6eed8211459108fb7e95cbd6cc

SHA1
fd2c4a9fe2dab3bceebbd53e0b5491d568267c84

SHA256
32046317f3c8c45514e15b1beb0f241aa06cf2e1d9f9c795e18ab14215677275

SHA512
284ba6a0626b708943eab6b86fd94774a91b43f17a72f2341243f0b42749261072b096ef8c9a6375da848b4c8ac7c04e6599894869bd371d9c592162d15c019a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD4DB.tmp\nsRichEdit.dll

Filesize
5KB

MD5
02f1858b3131ffc3fc5e3a5391d3a489

SHA1
454a6d749cf55ff990bd9f57941aca9d1f1674f6

SHA256
f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12

SHA512
8147fa8014a5065f4fed7de1fbb9c2ee2c1b94d63596f7bbcf6821ecd41a73d25ebdfa1e71ca74d7598cba063042b6dfcaf050a23d0c855a7b6fbc94147ab41b

Download Submit
memory/1884-135-0x0000000074420000-0x0000000074429000-memory.dmp

Filesize
36KB

Download
memory/1884-137-0x0000000074420000-0x0000000074429000-memory.dmp

Filesize
36KB

Download