Analysis
-
max time kernel
199s -
max time network
209s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system -
submitted
08-12-2022 16:17
Static task
static1
Behavioral task
behavioral1
Sample
http___185.246.221.143_pl2.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
http___185.246.221.143_pl2.exe
Resource
win10v2004-20221111-en
General
-
Target
http___185.246.221.143_pl2.exe
-
Size
266KB
-
MD5
f919de1034edc7b8a4a5a8aa8f0067dd
-
SHA1
ce50421738d5fb3108fe147dfdea5733fb01e19e
-
SHA256
81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90
-
SHA512
946fafde24bf34a659d8df5bcd0db2ff3791b92c0fd36d96a9273436bbc75244cfb26cc9bf00d86370fc92d13d3e791905bc8f8fe97eb74e1ea3b556cd649b70
-
SSDEEP
6144:MtXZXPanzcQUuLgsNG0BPspB4nAFmklJB:Mtsz5DLgsp5ngDlj
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
http___185.246.221.143_pl2.exe
pid   process
4108  http___185.246.221.143_pl2.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsb2FC8.tmp\System.dll
Filesize
11KB
MD5
7399323923e3946fe9140132ac388132
SHA1
728257d06c452449b1241769b459f091aabcffc5
SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
-
memory/4108-133-0x0000000003160000-0x0000000003261000-memory.dmp
Filesize
1.0MB
-
memory/4108-134-0x0000000003160000-0x0000000003261000-memory.dmp
Filesize
1.0MB