556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6

Analysis

max time kernel
189s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:45

Target

556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe
Size

3.8MB
MD5

dadc2a0802519f583cfa735c259e8c6b
SHA1

36b11e27fc523c4cbc031a7a6b21acd0129aa5a7
SHA256

556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6
SHA512

9380ea99e03f54fcb5623dd392faf5f92adaf6074889edcea48d2dd5ef8279b53a4be200d8ad95017e909b3eb9a49b1aee505c6bb96160399ab7b8919c8d2a0a
SSDEEP

98304:GkHqrneH6LPM1D7ViuHeXeR4TyWOnbcfy/BUr:7KC6o13YimeR5dbmy/BUr

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1052	556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe
"C:\Users\Admin\AppData\Local\Temp\556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe"
1⤵
- Loads dropped DLL
PID:1052

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsy10DA.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit