c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab

Analysis

max time kernel
112s
max time network
28s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04/03/2023, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe
Size

15.1MB
MD5

5ebc8712cb5398a5d3823cbd282ffe92
SHA1

4e57d905dda19460ea16694b8e7f950512d00bc9
SHA256

c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab
SHA512

515877628db791bdcf5460c8f9b850cfde2baef198fb21bac2b3c7d0d1e9cfb869b528401210e9d8dfaa477935b1565e45d82398a4e57f72456495cc20180057
SSDEEP

393216:fDoPbTkg8DQvIYALRYEpgt0d1ftbXde+QNEY6ht0pDCAF:f+beQvIYALRY4g0bd3Q5i0pDCAF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1636	c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe
1636	c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe

C:\Users\Admin\AppData\Local\Temp\c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe
"C:\Users\Admin\AppData\Local\Temp\c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso1335.tmp\ioSpecial.ini

Filesize
725B

MD5
c2e18d2c75770e4f684925cf955f5b89

SHA1
5dcbd76d5d6222e580e5c74362ad7a9ad750544e

SHA256
220fa1f90d61c748eefb5814a54b5b1ac831ba007b295706a05919268b8b193e

SHA512
5b41f8b6fce3c307c8a0e9723ed8582f9586a8773b94d7b715314193d54c05c905f83ed2d238f8b9de3fd600bab28278835b1d21d203ead6c0b9925fd9225d94

Download Submit
\Users\Admin\AppData\Local\Temp\nso1335.tmp\AdvSplash.dll

Filesize
6KB

MD5
5c8304d47b05d5c517c00ec1074cb156

SHA1
def02fe16f79b78890d4794e176052bf88c0bb5f

SHA256
9ca143d49f17c5ae59b09be70e683002b6e9af1196258f8b76b718b091bc9ee6

SHA512
51b5b716d78804bbc957822555e2462b6b0b499044674d278d422e2917928d0823c27fa1dec69d0905dc651388c4d67551bbc806ac2da6ff3b87caf0018158d8

Download Submit
\Users\Admin\AppData\Local\Temp\nso1335.tmp\InstallOptions.dll

Filesize
14KB

MD5
f62d03fcb1473110e920a9bb2c701006

SHA1
c48444ef2daa60dcdf91f1645cd4ecd8e66545f7

SHA256
17e2f205af12d5a86638dc83c95fc69199c41af2fa6daeb1e91ec330f68c5372

SHA512
701d531d405d08054d53298141d5bbd56e74df7b22bcea5f9f0e5c4407421ea0ca9617aa84e740dc1dc44e6d14e58852c1ca2087213cc2319f2da44eaed0bc05

Download Submit