85156b6391d646dfd0a9e8fbfba5bf234e1f629c78f0844034330a862fd77c1c

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2023 16:12

Target

046d-uipak_x32[1].exe
Size

312KB
MD5

391d2487595ef8e8368b9271abc76799
SHA1

bfa7d96b893ca7fea349ba8d01a4f6ac17fbd968
SHA256

85156b6391d646dfd0a9e8fbfba5bf234e1f629c78f0844034330a862fd77c1c
SHA512

ebc133e44f16bcb40046ded9539c0adb168c37a0e9f4865735bfd38a3a02d853fd6e5a38b59cd45fc48ae31e5cb879142f981d67a07b84591aa74e4cc81bbe2e
SSDEEP

6144:tzZZxgKlrEf08BCxkA6IGfA9TlM432wa7AfNgm2/xqHTi0zY108OiI:tzZz3wf0YWkIGoBMJ5QN3neVO/

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

046d-uipak_x32[1].exe

pid process

2372 046d-uipak_x32[1].exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2372	046d-uipak_x32[1].exe

C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32[1].exe
"C:\Users\Admin\AppData\Local\Temp\046d-uipak_x32[1].exe"
1⤵
- Loads dropped DLL
PID:2372

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsy7797.tmp\LangDLL.dll
Filesize
5KB

MD5
8e806ea2e205dc508a2fb5adda3419db

SHA1
21beab4e309b139fdcca7dd708df8dbbfd2dd5a3

SHA256
86a55734b8802051bbbd0e8c9c506d0ca985bc5c99113e99b309469046133937

SHA512
6b362bdadd6801ceb6106485015a4ae6d227dc04c1397a730ac8fd44b00649876ee7cbd0d7690b41dcaa8451c94e9f5838daa9fbc21f7306740de89667468cc1

Download Submit