95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81

Analysis

max time kernel
142s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:08

Target

95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81.exe
Size

75KB
MD5

1476140deb947a007d1e082cb0919e85
SHA1

e15aae68324a77b5b745261fe17e238a49fa4f94
SHA256

95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81
SHA512

1c8c0de73cd76f5246b7399e6157d9c775000b643631f364a2e65299df7f52b79d721678afd0381ec79fce4ac91e973d19f35b61b841c1868c5bdd64a05d376a
SSDEEP

1536:nYTmwVUsW7dtJMHy0DxmJCd4Romu/TAkDDHkC3Q6NO1uWFr:YS17XJiDxmJ845oDV1OZFr

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4912	95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81.exe
"C:\Users\Admin\AppData\Local\Temp\95ff7bfa281e09d0decbb5c44cccb39099b91e9316f9dd5e0cd2c24e1190ab81.exe"
1⤵
- Loads dropped DLL
PID:4912

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsi159.tmp\InstallOptions.dll

Filesize
14KB

MD5
271b5d1043c4402f08ddeae383f6979c

SHA1
2b88c58aa27bfb4979239579cd65d4c6c67a5295

SHA256
90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51

SHA512
f8bd4b316726f05647162bb52a2aeb4a6cf5ee976fdb7817a3d25b868b83fb482c38d078f01d3a629afb0d6fa6ce409b2b3404398563137e22010074f529c11b

Download Submit