Overview

overview

7

Static

static

1

8519a03aa0...c9.exe

windows7-x64

7

8519a03aa0...c9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2023, 01:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8519a03aa0d21d13f1efb1db0556e8c9.exe

  • Size

    24.1MB

  • MD5

    8519a03aa0d21d13f1efb1db0556e8c9

  • SHA1

    b7f80a4b8f99983a04eea77d0a12c0e53853f8ed

  • SHA256

    c6f80d47185ea589ef60ad8bfe718ad53fce53b21127cfb2462a9dd3b0a8f111

  • SHA512

    d9d7c1c484cb709f720cafa67f5a04a588d9894ba78e464bbc1448757ccc55f5b52394e8e225b35c3c1b7fc1fdd769a35436ba09e53f52b54ab540791024395f

  • SSDEEP

    786432:oYxPoa3jweUUNCTPaYcsarbaQJWJphISmHzbLD0:LPokctPTRcssaiWPhISmHzg

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8519a03aa0d21d13f1efb1db0556e8c9.exe
    "C:\Users\Admin\AppData\Local\Temp\8519a03aa0d21d13f1efb1db0556e8c9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1244

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\nst947.tmp\LangDLL.dll
          Filesize

          7KB

          MD5

          e63ef1970ce47e6b442f732f6a237ceb

          SHA1

          fd0d7c56a6a1f65429aad3ce362b9954c315a3a3

          SHA256

          3414ad90b96d6e708c1980ae1f5112d73115e73b7e69cba7a2dadb983b404f44

          SHA512

          79bfe13e99fc3271e639b0c056e618ba57b306171ab8d46aac2a02eaac1a700d33862876d0d1f289f1bf2ab59590d2d5b0d9e5e88f363b604d29809d2a20add7

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst947.tmp\System.dll
          Filesize

          25KB

          MD5

          0746eae59fd51e70becf1a37b54577a4

          SHA1

          b539d65099a61b6df103a4a267558be246d1c264

          SHA256

          b928d418074e743b38976361ed0f6594f6bcab84b30c7c53adc4cd003c0a8036

          SHA512

          1ce4a1e267cfee39b9c716977c20ac186416c4d82d6abb84aba15a71a85c58953061f1c189cd60c76b0308370d53a838c6b9b2bb0b28dce2f92a7976fb3685fc

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst947.tmp\nsDialogs.dll
          Filesize

          11KB

          MD5

          5d45ead0b209304c471da9ec7061b4b2

          SHA1

          33ac1d09246152f1493363d3d42e8b4bb6591f27

          SHA256

          50765fdb7fdbdae1f3bc2a05d554bb9f75a81035741197f292a45f0490d73f87

          SHA512

          89280091c7bb3cca63a6808b8a7626a2199caef92fe16354d30b5b9fdb572a66caf88b6a1acb03302a60a76a00fb583915d08be0483192172cc46e410fd05453

          Download Submit

        • memory/1244-54-0x0000000076AE1000-0x0000000076AE3000-memory.dmp

          Filesize

          8KB

          Download