a4dd3762b7d5583ead527cd718c0ccf8f98f1b3f422946200173b5215a30af91

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2022, 03:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d82b6a6e7487b54f8a783a04c6c2130e.exe
Size

902KB
MD5

d82b6a6e7487b54f8a783a04c6c2130e
SHA1

c75dfa2c86ffdd69bbe5895b3d8f4f9ee3ccbd3c
SHA256

a4dd3762b7d5583ead527cd718c0ccf8f98f1b3f422946200173b5215a30af91
SHA512

080a590153eb1ef6f3ac5189f3e04fa929244dcda38c66d77a76edcef7677807151200c05ace57e34721fc868a72ecc190d65f5f5df682ec240ce8436cbf1f01
SSDEEP

24576:/2f8wr5yVTsEKYohtYui2wN7eKp3EE9mGMhkdBwQ:Of8wr6s1hWui9FEo2hWKQ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2728	d82b6a6e7487b54f8a783a04c6c2130e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	d82b6a6e7487b54f8a783a04c6c2130e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	d82b6a6e7487b54f8a783a04c6c2130e.exe

C:\Users\Admin\AppData\Local\Temp\d82b6a6e7487b54f8a783a04c6c2130e.exe
"C:\Users\Admin\AppData\Local\Temp\d82b6a6e7487b54f8a783a04c6c2130e.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
PID:2728

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsv965B.tmp\InstallOptions.dll

Filesize
14KB

MD5
79be350c8381293abb045bbd2a7b5f0a

SHA1
0b4e6d482cae461e36c2b47661ef586545162e23

SHA256
3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

SHA512
1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

Download Submit