Analysis

  • max time kernel: 128s
  • max time network: 34s
  • platform: windows7_x64
  • resource: win7-20230220-en
  • resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted: 10-03-2023 19:22

General

  • Target: 0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
  • Size: 22.7MB
  • MD5: 005432d4791cde952673679d85e6eb17
  • SHA1: dc69d41bba4af24594e6fc3c7eb8b3d598a24455
  • SHA256: 0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c
  • SHA512: dfa0cb829108155296c35b03c74b7e171c86ed60f3a823eac54000c318a834932b0a72edfaa5d0a1cfebe1baebf0d5b1166d6baee734bafa8cbfb948081a4085
  • SSDEEP: 393216:5kI2/jmGVHQLIUVv+8DuDo4IMpMBchLr5WjtfZXawGMmADjnownKefU0+i9hz0k/:CbmGVoao4ROI6fFatM37Kc3iyfd3xxR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
    "C:\Users\Admin\AppData\Local\Temp\0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1744

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso1077.tmp\ioSpecial.ini
    Filesize: 672B
    MD5: faff690b367efaafc6782190a57b1c1e
    SHA1: 6ea2758190dbe7dc9a6abb7fbbc61086aa41e3cb
    SHA256: 53b4ac347af5432550cb9c278ee03eff0c67dee9dc1bc4ee5dfb4c214866238c
    SHA512: f0ea77258e38c3e643253dece66bdb2ecb5aa4ad20ea513fad53f7737d597a6cb737a3da983088c18be642aab19d63703e2ddd1c20e6f2ea45e0849bd96f6785

  • \Users\Admin\AppData\Local\Temp\nso1077.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 2a03c4a7ac5ee5e0e0a683949f70971b
    SHA1: 3bd9877caaea4804c0400420494ad1143179dcec
    SHA256: d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b
    SHA512: 1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

  • \Users\Admin\AppData\Local\Temp\nso1077.tmp\LangDLL.dll
    Filesize: 5KB
    MD5: ebd0da54db9f12ffd15206cc24355793
    SHA1: 910be3bebdde55eb1ce05915a79f01ebdc622786
    SHA256: 4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6
    SHA512: cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

  • \Users\Admin\AppData\Local\Temp\nso1077.tmp\System.dll
    Filesize: 11KB
    MD5: 6f5257c0b8c0ef4d440f4f4fce85fb1b
    SHA1: b6ac111dfb0d1fc75ad09c56bde7830232395785
    SHA256: b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
    SHA512: a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

  • \Users\Admin\AppData\Local\Temp\nso1077.tmp\UserInfo.dll
    Filesize: 4KB
    MD5: 8ef0e4eb7c89cdd2b552de746f5e2a53
    SHA1: 820f681e7cec409a02b194a487d1c8af1038acf0
    SHA256: 41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc
    SHA512: a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5
