Overview

overview

7

Static

static

1

763c8cbffa...ff.exe

windows7-x64

7

763c8cbffa...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-03-2023 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    763c8cbffa932d5122cf5e104d2c75584ac26d53fc6312cfc84cf1a4dfef58ff.exe

  • Size

    29.0MB

  • MD5

    a19ef72096bbec63f69f9180b54e1aa3

  • SHA1

    78712fe731cadb0fe01a9e8b5f486965a0a9241c

  • SHA256

    763c8cbffa932d5122cf5e104d2c75584ac26d53fc6312cfc84cf1a4dfef58ff

  • SHA512

    2567662c8bf1070771e1b4d486b75ebfbeba85a69c800034495ef23455b5a4db0c4b229c8f7a12b252da8efa4377b2f6559184971a72d3b0553c0484eda1ae43

  • SSDEEP

    786432:amoAjf4ha+KjkYe5p1eH4fEAmQIJQFjXV2ntl:3oA8g+KIYUp1zf6I2nb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\763c8cbffa932d5122cf5e104d2c75584ac26d53fc6312cfc84cf1a4dfef58ff.exe
    "C:\Users\Admin\AppData\Local\Temp\763c8cbffa932d5122cf5e104d2c75584ac26d53fc6312cfc84cf1a4dfef58ff.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:620

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\Plugin.dll
    Filesize

    7KB

    MD5

    f8c6be4534527ae360896d27ef13f8f0

    SHA1

    4bfc19b914ba4e172d8b3e23cecbb1a4a55cec9b

    SHA256

    ecce600248987d7de517f76da769e6dffdcb1cd4aa0e0a8f1928a40ece500ab3

    SHA512

    0a314c3723ae777fb59e64a0c740481e8a7215ba7b1c2d923aec04ff0f87e16bea8e3d220e93fde233756abc6e8c45b82c57bd297689ce1c715620bc20ea59a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\Plugin.dll
    Filesize

    7KB

    MD5

    f8c6be4534527ae360896d27ef13f8f0

    SHA1

    4bfc19b914ba4e172d8b3e23cecbb1a4a55cec9b

    SHA256

    ecce600248987d7de517f76da769e6dffdcb1cd4aa0e0a8f1928a40ece500ab3

    SHA512

    0a314c3723ae777fb59e64a0c740481e8a7215ba7b1c2d923aec04ff0f87e16bea8e3d220e93fde233756abc6e8c45b82c57bd297689ce1c715620bc20ea59a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\Plugin.dll
    Filesize

    7KB

    MD5

    f8c6be4534527ae360896d27ef13f8f0

    SHA1

    4bfc19b914ba4e172d8b3e23cecbb1a4a55cec9b

    SHA256

    ecce600248987d7de517f76da769e6dffdcb1cd4aa0e0a8f1928a40ece500ab3

    SHA512

    0a314c3723ae777fb59e64a0c740481e8a7215ba7b1c2d923aec04ff0f87e16bea8e3d220e93fde233756abc6e8c45b82c57bd297689ce1c715620bc20ea59a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\System.dll
    Filesize

    11KB

    MD5

    6f5257c0b8c0ef4d440f4f4fce85fb1b

    SHA1

    b6ac111dfb0d1fc75ad09c56bde7830232395785

    SHA256

    b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

    SHA512

    a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\UIEx.dll
    Filesize

    7KB

    MD5

    707dc5482d624134a4a4a23ac9051fa2

    SHA1

    adf5ae9aef11e462e1f436f193ab9003b28dc82c

    SHA256

    a4582553f632a265a3d3bd87a0ba4336a52b4e3c27b81ce8122604e8937b368c

    SHA512

    dee9fed3305871da703343fc4f33c3dca3bc893e3c5e9dfb7d6eba8676fa4ee47b783bc631c772233388f09cb9b41b4d4bc5b7ae0f438d2415885aecef6eb011

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\UIEx.dll
    Filesize

    7KB

    MD5

    707dc5482d624134a4a4a23ac9051fa2

    SHA1

    adf5ae9aef11e462e1f436f193ab9003b28dc82c

    SHA256

    a4582553f632a265a3d3bd87a0ba4336a52b4e3c27b81ce8122604e8937b368c

    SHA512

    dee9fed3305871da703343fc4f33c3dca3bc893e3c5e9dfb7d6eba8676fa4ee47b783bc631c772233388f09cb9b41b4d4bc5b7ae0f438d2415885aecef6eb011

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\UIEx.dll
    Filesize

    7KB

    MD5

    707dc5482d624134a4a4a23ac9051fa2

    SHA1

    adf5ae9aef11e462e1f436f193ab9003b28dc82c

    SHA256

    a4582553f632a265a3d3bd87a0ba4336a52b4e3c27b81ce8122604e8937b368c

    SHA512

    dee9fed3305871da703343fc4f33c3dca3bc893e3c5e9dfb7d6eba8676fa4ee47b783bc631c772233388f09cb9b41b4d4bc5b7ae0f438d2415885aecef6eb011

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\checkbox.png
    Filesize

    1KB

    MD5

    e666a6c43417f6028a051719826dacab

    SHA1

    bfa09c24952418168dd1149c04578b3da6295c46

    SHA256

    737dda4465e3417ccc6cb7160b56aee93b4a7fb1bbf3dda00d4edd5b60d78000

    SHA512

    536dc9c32dd9bc91773c28fc1f45285d9a48864988ebaa6ef69dc49655c7ef811f0b2bce7482b292446428682b42b3fe35fc243810f13a7ebaebc3c7ef82ad3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\nsDialogs.dll
    Filesize

    100KB

    MD5

    fe73cbae47e811cbf61bafdf4f806bbd

    SHA1

    ad2170da1a040d694ed33003e4f19e2c460161fb

    SHA256

    4a00c0d88518ac8511832c95f10b9e41efe404b3fe8aeced81c017edd3fb42e6

    SHA512

    a996f0a18ecbd3543b0f40ca19db50d3639ff6bba3b6173ecd7190366376f035fed73c07df838bf778298d463739a6e0b66d113c01f75e367308b3c805a211c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\nsDialogs.dll
    Filesize

    100KB

    MD5

    fe73cbae47e811cbf61bafdf4f806bbd

    SHA1

    ad2170da1a040d694ed33003e4f19e2c460161fb

    SHA256

    4a00c0d88518ac8511832c95f10b9e41efe404b3fe8aeced81c017edd3fb42e6

    SHA512

    a996f0a18ecbd3543b0f40ca19db50d3639ff6bba3b6173ecd7190366376f035fed73c07df838bf778298d463739a6e0b66d113c01f75e367308b3c805a211c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc74AA.tmp\nsDialogs.dll
    Filesize

    100KB

    MD5

    fe73cbae47e811cbf61bafdf4f806bbd

    SHA1

    ad2170da1a040d694ed33003e4f19e2c460161fb

    SHA256

    4a00c0d88518ac8511832c95f10b9e41efe404b3fe8aeced81c017edd3fb42e6

    SHA512

    a996f0a18ecbd3543b0f40ca19db50d3639ff6bba3b6173ecd7190366376f035fed73c07df838bf778298d463739a6e0b66d113c01f75e367308b3c805a211c5

    Download Submit

  • memory/620-200-0x0000000005230000-0x000000000524D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/620-224-0x0000000005230000-0x0000000005233000-memory.dmp

    Filesize

    12KB

    Download