3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a

Analysis

max time kernel
29s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
14-01-2023 18:38

Target

3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a.exe
Size

255KB
MD5

43d111a49ebcb1fcf30c1d05975c323f
SHA1

5e6c7e72eb6840bc788f88c3674618ce99c2754a
SHA256

3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a
SHA512

3af3d7031dc3f8116e584c22d9d15bb1a3ad38c95357b8edef3de5ad61b9a9e1d65fd2bf8c1b046c77a0412956c62d0fbacf133a0ad1b4fe8b9c5f1f2796667a
SSDEEP

6144:BeTeM/nrKaNX3tV28MU7lEVF27vV1ILn6MU7lEVj:1MOaVtJa09Oneaj

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1992	3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a.exe
"C:\Users\Admin\AppData\Local\Temp\3b9bda54cfcf4b691a5ba968d354b5a63b4a90943c98a7963912d0bffc42355a.exe"
1⤵
- Loads dropped DLL
PID:1992

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsiD4B.tmp\InetLoad.dll

Filesize
18KB

MD5
9206805fbd173ff227f0b257ee58c513

SHA1
740584936c137a66cc93ea22af40d71c328884c2

SHA256
d7a508c779e1f8a7330d02e37dd54bbbe6861730c83cd50c4fe0804fe199dd8c

SHA512
e668ed5826e3fb74175f16ccb17fed1a7511b8152699ab42f3477cc7a5fe52b07ff6557d87066609168c942c8a8fe7ac8a752001ec158851ebf5167ab907eedc

Download Submit
memory/1992-54-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download