Overview

overview

7

Static

static

d72cb54a9e...64.exe

windows7-x64

7

d72cb54a9e...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d72cb54a9e285297007dd59fdd8eb2ba279bb5b436029ff9a231af311dce0564.exe

  • Size

    829KB

  • MD5

    14bd446f2a595a95c2969da556fcbdac

  • SHA1

    897541d73b1b4c3662000e43d8186bd167087b1c

  • SHA256

    d72cb54a9e285297007dd59fdd8eb2ba279bb5b436029ff9a231af311dce0564

  • SHA512

    4ae67ee1c20305cd41ad0a6a3d12fa2b7d7c2be6e364dab9f062e394d05402acada7a101eff15b592240390b3a679133f31ae48dce2c85a35c1ebdbdbb8c8866

  • SSDEEP

    12288:Jm9t9r9ut6+9sZVO9vmC8m8W2rUZevTMHnazhV:J3t6+9s1C8mFZeLMHazn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d72cb54a9e285297007dd59fdd8eb2ba279bb5b436029ff9a231af311dce0564.exe
    "C:\Users\Admin\AppData\Local\Temp\d72cb54a9e285297007dd59fdd8eb2ba279bb5b436029ff9a231af311dce0564.exe"
    1⤵
    • Loads dropped DLL
    PID:1808

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso52.tmp\System.dll
    Filesize

    10KB

    MD5

    5e045f164f0ff38f178c604963c0425a

    SHA1

    aea8b7fda2513a99c8cdb57b3d2ec31f6044ae66

    SHA256

    ea65dcebf4eab5fb1c4520297cc7e4c7def407c16b546790df2a546d09ad16ce

    SHA512

    51d543672afb072811307b5db69d0384abd36c7ecc9b1ec8dabdbc7f88d0b6825e6cb20e472e3c296a00cf53fccf17fae7caf8d330a32f1f9c211fd6d752d240

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso52.tmp\nsDialogs.dll
    Filesize

    8KB

    MD5

    60bef38f7ecb037d4541203a79ba7e07

    SHA1

    34093fbab7c7e6d36127e0d04309522fd71b58d4

    SHA256

    756031c51fe9982673f11f81f46e9f7b78ae78444aaec1b000de6217ddebc9fe

    SHA512

    66f99e7bd71fcb5a8531583f4b7ae4e47cbc741f131deabda3e96aeff7bd6d04ce9bb9c9370548d6a93709182c9025b918d6f4cf06ddff07b66ccf8c1bbffb0d

    Download Submit

  • memory/1808-54-0x0000000076171000-0x0000000076173000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1808-57-0x0000000000400000-0x00000000004D01A0-memory.dmp

    Filesize

    832KB

    Download