a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6

Resubmissions

05-02-2023 01:33

230205-byjz3aba8w 8

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2023 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE_4.5_Installer.exe
Size

8.6MB
MD5

1efcd0c92784169fc1eec4e87788f6e8
SHA1

585e9eb828859ec005a5c280ff99408e65df1cb8
SHA256

a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6
SHA512

96353fa0dfba41c13f8742aac480dc14484107a285edf5c2d6e191c7f39fe3c78ccb68c226fbecd566fcd11561145c6dfdc187264d6d36959917eea3e0d1b5b9
SSDEEP

196608:/MUfuaC/K12qiyD6dmS/qY2fvYG2zZ8igA7Tt:EUWaK8iU6AsevY9ZUKt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4684	ADE_4.5_Installer.exe
4684	ADE_4.5_Installer.exe
4684	ADE_4.5_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe"
1⤵
- Loads dropped DLL
PID:4684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nslF17B.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslF17B.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslF17B.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
memory/4684-135-0x00000000032A1000-0x00000000032A4000-memory.dmp

Filesize
12KB

Download