4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39

Analysis

max time kernel
122s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2022 18:37

Target

4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39.exe
Size

19.7MB
MD5

1bc9ba75d1567802f337f65545a70948
SHA1

c20d2c0351f56eaab9e6c067ce6267f96f930277
SHA256

4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39
SHA512

468ee1c5c1aba839a473dafb39b41f57f169e3ec4aa0efd0f3219145faa1063611ff2af3f47e91c9d2bfdd679b25d7068312fa795f083c3783c0b4955299975c
SSDEEP

393216:CKvUiLyeN23ErL1m0fufMJ3mdAADN8eZekn07hvBknGgCHakv5B4:CgLyk2U34aubDxGhv2niakg

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4956	4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39.exe
"C:\Users\Admin\AppData\Local\Temp\4ca1e55cdb5d7dd2371ebcc2274601accde491dce8ce2bc7ae717ead394d2c39.exe"
1⤵
- Loads dropped DLL
PID:4956

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsqE219.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit