3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
Size

311KB
MD5

402998ce59cf12aa63bf50f965605bdd
SHA1

ec7432fce3263d90afd31b572adfe84d0c1abdc4
SHA256

3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2
SHA512

972f48edb16808bdda725e0cc01699cf4909f66929027cfac6451c8db08c5f2e03c4340d8ba789bbd43a2b3fd03a09bf35cb5cd1a88a8f3a5253bce21365b3a4
SSDEEP

6144:j+K0zxl/aEZlr7uLT7Z+NIPYWe5WFxR24kp6PKoi1ra:Kz+2qvZnYQF3OA2c

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
3140	3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe
"C:\Users\Admin\AppData\Local\Temp\3150ea57c47370ffabeb0919abc3c3a08ede0e6528cbc4049cee138dea0d52d2.exe"
1⤵
- Loads dropped DLL
PID:3140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa6E99.tmp\nsisdl.dll

Filesize
14KB

MD5
1dadb63a5dfaa0679485c5dbaf96033f

SHA1
d1717aab683c55bd13bbd520d2a91178efa0d676

SHA256
72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

SHA512
46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

Download Submit