Analysis

  • max time kernel: 18s
  • max time network: 121s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06/03/2023, 11:34

General

  • Target: 29b4445b86d23ca403a9fa28186c302dc4809c82540fcce42a75bb97cb344645.exe
  • Size: 326KB
  • MD5: 94dcf58fd4d679ce1f25d5392f7d269b
  • SHA1: b115f8356d2a290883240793edbe09e39920db32
  • SHA256: 29b4445b86d23ca403a9fa28186c302dc4809c82540fcce42a75bb97cb344645
  • SHA512: e8c5e8709379fd5efa1af3e72e27b543c1182285efe4f8c27f5576c3f5b8c5e5f29e0175e6592d4fc9105c086dcef9ba51eba3d409e24d5f3af2d62d8c9f1d11
  • SSDEEP: 6144:d4t6LsTXjwvIwQ+zPvr04ftIXsxQvM0YQs8D/P3lj4r9jedWF:dkTD+Pz046F4ID/kidS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\29b4445b86d23ca403a9fa28186c302dc4809c82540fcce42a75bb97cb344645.exe
    "C:\Users\Admin\AppData\Local\Temp\29b4445b86d23ca403a9fa28186c302dc4809c82540fcce42a75bb97cb344645.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2596

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsq8B0F.tmp\System.dll
    Filesize: 11KB
    MD5: 17ed1c86bd67e78ade4712be48a7d2bd
    SHA1: 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
    SHA256: bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
    SHA512: 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Stueahornenes.lnk
    Filesize: 1KB
    MD5: ead2d81b2c105bd1e4c34fff326079c1
    SHA1: 41fa589dc24c2ecc059f7df60819819b9d37e8a0
    SHA256: fb485749539afba332672e1a32b4edb70dcf60a908ac03894586a161646d80c0
    SHA512: 5f9a85ed0f0c25377dc0f93152c004a02173b753f06e11005c81e9659ace9fc4ca68d4e86e9e5a3e6bf0c1f7c6173325a23b1cc5db5d0909c154161dc6a52f71