0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c

Analysis

max time kernel
80s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2023, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
Size

22.7MB
MD5

005432d4791cde952673679d85e6eb17
SHA1

dc69d41bba4af24594e6fc3c7eb8b3d598a24455
SHA256

0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c
SHA512

dfa0cb829108155296c35b03c74b7e171c86ed60f3a823eac54000c318a834932b0a72edfaa5d0a1cfebe1baebf0d5b1166d6baee734bafa8cbfb948081a4085
SSDEEP

393216:5kI2/jmGVHQLIUVv+8DuDo4IMpMBchLr5WjtfZXawGMmADjnownKefU0+i9hz0k/:CbmGVoao4ROI6fFatM37Kc3iyfd3xxR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
4720	0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
4720	0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
4720	0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
4720	0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
4720	0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe
"C:\Users\Admin\AppData\Local\Temp\0e7bee00fc6d44aa4e47f94e914104ff0c7783b65be2b724861557608cee864c.exe"
1⤵
- Loads dropped DLL
PID:4720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\InstallOptions.dll

Filesize
14KB

MD5
2a03c4a7ac5ee5e0e0a683949f70971b

SHA1
3bd9877caaea4804c0400420494ad1143179dcec

SHA256
d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

SHA512
1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\InstallOptions.dll

Filesize
14KB

MD5
2a03c4a7ac5ee5e0e0a683949f70971b

SHA1
3bd9877caaea4804c0400420494ad1143179dcec

SHA256
d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

SHA512
1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\LangDLL.dll

Filesize
5KB

MD5
ebd0da54db9f12ffd15206cc24355793

SHA1
910be3bebdde55eb1ce05915a79f01ebdc622786

SHA256
4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

SHA512
cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\System.dll

Filesize
11KB

MD5
6f5257c0b8c0ef4d440f4f4fce85fb1b

SHA1
b6ac111dfb0d1fc75ad09c56bde7830232395785

SHA256
b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

SHA512
a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\UserInfo.dll

Filesize
4KB

MD5
8ef0e4eb7c89cdd2b552de746f5e2a53

SHA1
820f681e7cec409a02b194a487d1c8af1038acf0

SHA256
41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc

SHA512
a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F94.tmp\ioSpecial.ini

Filesize
711B

MD5
2a8997690ce5bdbea7e6120cd72617d5

SHA1
a06e3808e874f1e07100f1edb75f360521124b15

SHA256
c6e2c1a9a76836f987f81a302bfcf6d3c533c13d8eece93b4224e05fe70ea648

SHA512
5f448184f4fc22377be7356a58ee35a614021f7e01e135b2eb39207dff46349c41bd1dfe30e83a6bfe8d550b908f9a13e00ef41db2dd1eb2d435ec0f27485072

Download Submit