742529ec4a60381b92bdd2ad18de865bd57deb61449d21a8cf7b17160dcfe51d

Analysis

max time kernel
274s
max time network
399s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc9d7f57af5ec6e5787b311f41ba5080.exe
Size

34.1MB
MD5

bc9d7f57af5ec6e5787b311f41ba5080
SHA1

ac633837d34fc19445d16ff2aaf633fd26e3cc19
SHA256

742529ec4a60381b92bdd2ad18de865bd57deb61449d21a8cf7b17160dcfe51d
SHA512

890fdd07452fab2cc51b9306e10c8712ddad6f05284df54a0d8f4e42851b1ac893aeb955be6b79fc60584073dd416e8d7c71b61c0ede486659fea8306fdeabeb
SSDEEP

786432:L5Q19m90V4YBc93MhpZ53sjjvMcc6+LL1Y9rrEbNV7sef4Byddga7p:L5em9+Vi3qZ0jYLhCfafVvgOp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1384	bc9d7f57af5ec6e5787b311f41ba5080.exe
1384	bc9d7f57af5ec6e5787b311f41ba5080.exe
1384	bc9d7f57af5ec6e5787b311f41ba5080.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1384	bc9d7f57af5ec6e5787b311f41ba5080.exe

C:\Users\Admin\AppData\Local\Temp\bc9d7f57af5ec6e5787b311f41ba5080.exe
"C:\Users\Admin\AppData\Local\Temp\bc9d7f57af5ec6e5787b311f41ba5080.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsv7449.tmp\InstallOptions.dll

Filesize
15KB

MD5
772916a8476bedb91c979e10cbc63af4

SHA1
3b09bb357352adfc15ef963c91136b654c7ea6bd

SHA256
2849e1b8ffe4b8cf9afb6139c19ff962b8e83a5e14f590a9204034b0a0cc2f51

SHA512
9710f4cf3182b25acd5206326cacdd53147505da1194dc386a82bac097ddabf05d518b2822d0032a247c4393f0912adba06ebe0e4e9d1118f80750c61c691e89

Download Submit
\Users\Admin\AppData\Local\Temp\nsv7449.tmp\System.dll

Filesize
11KB

MD5
7df8fb4196186f28cb308f9952d7ef64

SHA1
f20a7259ad233ac3795b6e6537de658209a8fd40

SHA256
72253837028abed272e5d50a3a6771933e9dd1aad73e90b8db4538aa9c786cbf

SHA512
3f373d69664ce015ceab16c12ba4c806c3489b89ae9db282551ec2452acd2ced1d70ddd4de0ef8c56d62a715624c9d2ceddc968adf07e905f2e4c81c2850ae4b

Download Submit
\Users\Admin\AppData\Local\Temp\nsv7449.tmp\UserInfo.dll

Filesize
4KB

MD5
127a2a7b8cb2c364bd7669e04822b334

SHA1
f6d958e69b6608677f66ea7ab452d10f972f0859

SHA256
d652d20a63abb4c1529c803e5b68233b36effd973006f0c4e36e9a5ecda2d983

SHA512
5f03dbaca4f2b358fb44a0809e084c62713cc73decb8607510b234638e8a3aab1433e8d7a392fa31904484550e869143109c507e37e6b8ca241fa1e9e1133f80

Download Submit
memory/1384-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download