6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41

Analysis

max time kernel
22s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2023, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe
Size

364KB
MD5

843014486437eee21f303ae4f13c467e
SHA1

373537803c1cb10c91f8436fd3e4b4ebb4039394
SHA256

6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41
SHA512

83be2a9fde4d1ed9b0d2d62c9125d4bad9a4aca3434fc1d05537c27730396be13cf949976e039f9b3ee82710fb933eea48bb23f359ed34451f059160b52ea57f
SSDEEP

6144:Q4t6LsTlQAx9gf9PcbSyryUlBEiVsYQihwjzsqcM6L+A:QkTldclPcbSyrbleiVspihCHcNT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
368	6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Verdensprocesserne\Misbrugen\Torkilds\counterstimulate.ini	6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\fodboldklubbers\Thecium\Estimerende.ini	6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe
File opened for modification	C:\Windows\resources\0409\Clapbread.Til	6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe
"C:\Users\Admin\AppData\Local\Temp\6716cd8582e2333a34f4c212f93c484d393ab6a2e97a6cc52dbd4055855a5a41.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
PID:368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso6D17.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Stueahornenes.lnk

Filesize
1KB

MD5
0564ca4821d531f59f4c19824410cd5b

SHA1
7ba739c93ec493165bf79ac510e10cea1d818779

SHA256
27f27124db57e417da10b85a2e4fdf52e7148d444222ff8276de6545bb5bfb4d

SHA512
966f3578394e5d626467c6647968305188b31f8059314f4a995887e6bfd778d9a476a0dda1ad747395a4aa0ffdfde1f35a1d80999565d3d5d72b1050e72851bf

Download Submit