Overview

overview

7

Static

static

1

5ae09520f2...be.exe

windows7-x64

7

5ae09520f2...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2022 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe

  • Size

    326KB

  • MD5

    5e632a9a6a06a79016aa12814f54164b

  • SHA1

    4d85564aa024da95afb394b6baf4b1aee8974721

  • SHA256

    5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe

  • SHA512

    6a7289ae208e86443079115659540f26238fab2e41a2c6133d3d0a5813e7aa41804ac82a068ecb399bfc826c2b9bfd0da229a3957393b9c4f08e5a756c2c04e7

  • SSDEEP

    6144:fzfNzcAGr1mhiAuWJ8Jvfk+cy+dj1quGqasvgTlkhBY8:5GRmhfJ8J0xBOuzvgZkhZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe
    "C:\Users\Admin\AppData\Local\Temp\5ae09520f212f6a8a46b62a2f59cec0e7f259d691718d7f4fac6fcfb8f7fccbe.exe"
    1⤵
    • Loads dropped DLL
    PID:896

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyF2DA.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    Download Submit

  • memory/896-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download