ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935

Analysis

max time kernel
131s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17-03-2023 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe
Size

30.1MB
MD5

271c5d220e41dd872476131ac6bd0504
SHA1

e3e3a377f706747a23dff588771c35c9657f4a27
SHA256

ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935
SHA512

fd98934c68efdf3a6616c2bd8f36d163a75658aa7c240ed9ac8d63914ca44debe409e57e743483cc6ae1dcb167b48c51876ebfbf9adf74c148828c311a160c16
SSDEEP

786432:7sfYCJDJ7yARv099M3quEWfMCYoHieglEQWq3dybv1YYk:Qpj50s6+Yhn6AmdYJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2004	ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe
2004	ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe
2004	ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2004	ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe

C:\Users\Admin\AppData\Local\Temp\ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe
"C:\Users\Admin\AppData\Local\Temp\ccf900eccad279d3869856180b48efc9f82750e9487d3d482df29e74e8980935.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy2483.tmp\ioSpecial.ini

Filesize
704B

MD5
948537b36f78ee4ec669fcff38ff0b39

SHA1
1f5634636ced69ce11e05cf82e59c480cbcedfde

SHA256
7c9c2be08aa313e70268d095417ce20e88099e47d30aa549129578fd548a67fa

SHA512
d702681f6b37cb0ce289a48b5bd35632c53b97e9336b6fef3a0c293539cd346c79005111e4e27a55c19e87aae506adabab8084347f2f79bb095fda25772f74b4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2483.tmp\InstallOptions.dll

Filesize
14KB

MD5
2a03c4a7ac5ee5e0e0a683949f70971b

SHA1
3bd9877caaea4804c0400420494ad1143179dcec

SHA256
d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

SHA512
1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2483.tmp\System.dll

Filesize
11KB

MD5
6f5257c0b8c0ef4d440f4f4fce85fb1b

SHA1
b6ac111dfb0d1fc75ad09c56bde7830232395785

SHA256
b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

SHA512
a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2483.tmp\UserInfo.dll

Filesize
4KB

MD5
8ef0e4eb7c89cdd2b552de746f5e2a53

SHA1
820f681e7cec409a02b194a487d1c8af1038acf0

SHA256
41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc

SHA512
a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5

Download Submit