c7c7227a636b4c612cdf3f3d803be3ef1cf8f9aedad1c5d6620e0b9f6e0931a8

Analysis

max time kernel
96s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2023 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WOMicClientSetup5_2.exe
Size

1.4MB
MD5

d8c68825b8a2cd1f00736b617240684c
SHA1

7b68a0832785021e8883cec41606e60fa4a887e6
SHA256

c7c7227a636b4c612cdf3f3d803be3ef1cf8f9aedad1c5d6620e0b9f6e0931a8
SHA512

15f79655b8cfefa402aca135e900881b266f6de3f6f2ada63b59303c0a9efac0175fb253ed640a4cfc2888c5e6954ab24c7c54d4532ca56c3b0a90107af02b05
SSDEEP

24576:Y12rpcEd5xQyaYXnCTZh5GYP7INP4w6ZtwZdsIAljoXHNAi7JYYDd+7PJms:QkzSy/nClDzBaZfuo3HYnPJd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe
4656	WOMicClientSetup5_2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\WOMicClientSetup5_2.exe
"C:\Users\Admin\AppData\Local\Temp\WOMicClientSetup5_2.exe"
1⤵
- Loads dropped DLL
PID:4656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\LangDLL.dll

Filesize
5KB

MD5
174708997758321cf926b69318c6c3f5

SHA1
645488089bf320f6864e0d0bc284c85216e56fbd

SHA256
f577b66492e97c7b8bf515398d8deb745abafd74f56fc03e67fce248ebbeb873

SHA512
214433597e04ca1ff9b4fe092d5d2997707a7c56f0f82c85d586088a200e4455028f3b9427d87b4f06f9252557d5be4b7a9138ea6a8d045df6209421fd8ca054

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\nsDialogs.dll

Filesize
9KB

MD5
d6c3dd680c6467d07d730255d0ee5d87

SHA1
57e7a1d142032652256291b8ed2703b3dc1dfa9b

SHA256
aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

SHA512
c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\nsDialogs.dll

Filesize
9KB

MD5
d6c3dd680c6467d07d730255d0ee5d87

SHA1
57e7a1d142032652256291b8ed2703b3dc1dfa9b

SHA256
aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

SHA512
c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\nsExec.dll

Filesize
6KB

MD5
01e76fe9d2033606a48d4816bd9c2d9d

SHA1
e46d8a9ed4d5da220c81baf5f1fdb94708e9aba2

SHA256
ee052fd5141bf769b841846170aabf0d7c2bb922c74c623c3f109344534f7a70

SHA512
62ef7095d1bf53354c20329c2ce8546c277aa0e791839c8a24108a01f9483a953979259e0ad04dbcab966444ee7cdd340f8c9557bc8f98e9400794f2751dc7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7B60.tmp\nsExec.dll

Filesize
6KB

MD5
01e76fe9d2033606a48d4816bd9c2d9d

SHA1
e46d8a9ed4d5da220c81baf5f1fdb94708e9aba2

SHA256
ee052fd5141bf769b841846170aabf0d7c2bb922c74c623c3f109344534f7a70

SHA512
62ef7095d1bf53354c20329c2ce8546c277aa0e791839c8a24108a01f9483a953979259e0ad04dbcab966444ee7cdd340f8c9557bc8f98e9400794f2751dc7e0

Download Submit
memory/4656-139-0x00000000031D1000-0x00000000031D3000-memory.dmp

Filesize
8KB

Download