b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 01:29

Target

b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e.exe
Size

181KB
MD5

609fd3f4d9513efc02e7b4c70ffcebe6
SHA1

62cecc58f49bd66631caa6c1482288320d5a4665
SHA256

b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e
SHA512

b29a438289f659f281b4ce1f736dfc2387711c9cb68299edcacc6eb9a75ebe480f4ff9603dd74d7924e235e9da6a08916ab78b276a2d9b63b0811fa93bf9885c
SSDEEP

3072:da34u3Yq6fuH8oLMrFlR12SR5yVVB6iUFVjEPN4FxB1pXtikOaZLgQ:ju3O48QGRo0yLEbjQWxBhiEZ

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1724	b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e.exe
"C:\Users\Admin\AppData\Local\Temp\b0663c6c5588da2839cc60650428d779e603237d09fc4fcaefb484b921954e9e.exe"
1⤵
- Loads dropped DLL
PID:1724

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsyB31C.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
memory/1724-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download