Overview

overview

10

Static

static

TeraBox_1....1).exe

windows7-x64

10

TeraBox_1....1).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    311s
  • max time network
    326s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-01-2023 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TeraBox_1.13.1.5 (1).exe

  • Size

    80.8MB

  • MD5

    403f3b034f8d216534f955688f468fab

  • SHA1

    f41b643a2744a933fb18130fb3dd3d2b0051518b

  • SHA256

    ded767690577af7c9513b14b6271c4d0f0309789b6dd2bcb2e47cb5aa017af53

  • SHA512

    7e30de1033f105905d30b36468d06ec38761620c63695e5aeb58d3763b6c613229913258c10a708604cfd502d362d14d8e16c76ce29c6a4124ec7b426860b780

  • SSDEEP

    1572864:WqUkKn6NpChkPSXgpUhBWXQi7/08StgJtctsuVSscPCrxn:hdFNAXXgqUF7jtXqv9F

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeraBox_1.13.1.5 (1).exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBox_1.13.1.5 (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:224

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nshC675.tmp\NsisInstallUI.dll
    Filesize

    2.1MB

    MD5

    be1d5e6dad4d3856a8f91bf0d063a880

    SHA1

    7fb388fa6f6140161832be03d86046d905157004

    SHA256

    be26f092d2bb7b5ce76df39287b79a51b356a5acfd5d69b56d718b9ded9105b8

    SHA512

    fa56b75b93bfe261058960ed19476c138a653f4fb74edefd456c295c28539d78e6ad9402ab441a14728e9634ff1c8eb47d36278954509f9f10c6407d51565901

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nshC675.tmp\System.dll
    Filesize

    12KB

    MD5

    8cf2ac271d7679b1d68eefc1ae0c5618

    SHA1

    7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    SHA256

    6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    SHA512

    ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nshC675.tmp\nsProcessW.dll
    Filesize

    4KB

    MD5

    f0438a894f3a7e01a4aae8d1b5dd0289

    SHA1

    b058e3fcfb7b550041da16bf10d8837024c38bf6

    SHA256

    30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    SHA512

    f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    Download Submit