Analysis

  • max time kernel
    129s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-03-2023 01:21

General

  • Target

    a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe

  • Size

    28.3MB

  • MD5

    e0264557ed3ca00c7fca49819887d3c0

  • SHA1

    8fd88c3cad2e6a1f6e1dd15723a721f20524054f

  • SHA256

    a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a

  • SHA512

    2cf4a7a74826041792fbac782dff5078cdff7293056c1c750d887b912180a36b448617e8daacf276da0b2c3230ee9fca4496e21198e45945c455bde83d80fd20

  • SSDEEP

    786432:QC/Ee9o22nGcYuKfjSmzQ4RTtq4ENN4cXBjQ6Joy:Qje992n3bKf2mzQ4RTU5NN4822
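Before trusting any of the behaviour below, confirm that the file you hold is the same sample the sandbox ran. The following script is an added example, not part of the report or of the sandbox's tooling: it streams a file once through MD5, SHA-1, SHA-256 and SHA-512 (the SSDEEP fuzzy hash needs a third-party library and is left out), compares the result case-insensitively against the digests listed above, and checks that a SHA-256-named file such as the Target above actually carries its own hash as its name. The `write_sample` helper and the `__main__` block only write constructed bytes to a temporary file for a stand-alone run.

```python
import hashlib
import os
import tempfile

# Digests copied from the report's General section for the analyzed sample.
REPORT_DIGESTS = {
    "md5": "e0264557ed3ca00c7fca49819887d3c0",
    "sha1": "8fd88c3cad2e6a1f6e1dd15723a721f20524054f",
    "sha256": "a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a",
    "sha512": "2cf4a7a74826041792fbac782dff5078cdff7293056c1c750d887b912180a36b"
              "448617e8daacf276da0b2c3230ee9fca4496e21198e45945c455bde83d80fd20",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, chunk_size=1 << 20):
    """Read a binary stream once, feeding every chunk to all four hashers.

    One pass matters for a 28 MB sample on a slow share; re-reading per algorithm
    would quadruple the I/O.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory byte string (used for tests and small artifacts)."""
    import io
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def verify_against_report(actual, expected):
    """Return {algo: (expected, actual)} for every digest that does not match.

    Comparison is case-insensitive and ignores surrounding whitespace, since
    report pages and copy/paste often differ in case. An empty dict means the
    file is the analyzed sample for every algorithm the report lists.
    """
    mismatches = {}
    for algo, want in expected.items():
        got = actual.get(algo)
        if got is None or got.lower() != want.strip().lower():
            mismatches[algo] = (want, got)
    return mismatches


def name_matches_sha256(path, actual):
    """True when the basename (minus extension) equals the file's SHA-256.

    Sandbox corpora name samples by SHA-256; a renamed or tampered copy fails here.
    """
    stem = os.path.splitext(os.path.basename(path))[0]
    return stem.lower() == actual["sha256"].lower()


def write_sample(data):
    """Write constructed bytes to a temp file and return its path (helper for demos)."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed input: a small fake "sample" that will not match the report.
    path = write_sample(b"MZ" + b"\x00" * 62 + b"not the real sample")
    actual = digest_file(path)
    print("mismatches vs report:", verify_against_report(actual, REPORT_DIGESTS))
    print("name matches sha256:", name_matches_sha256(path, actual))
    os.unlink(path)
```

Run it against the real file with `digest_file(path)` and `verify_against_report(..., REPORT_DIGESTS)`; any non-empty result means the report does not describe the file in front of you.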

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but the files it dropped under nsd2406.tmp (InstallOptions.dll, ioSpecial.ini) are standard NSIS installer artifacts, and drive enumeration is also normal installer behaviour when choosing an install location. No encryption, persistence or network activity is recorded in this run, so the ransomware heuristic should be treated as unconfirmed without further analysis.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe"
    PID: 1704 (root of the process tree; no child processes were recorded)
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd2406.tmp\ioSpecial.ini
    Filesize

    690B

    MD5

    f68aa1934882b183e39bb3c270b936dc

    SHA1

    5759cba553244003f692186ee2a5881ba7a1dfbf

    SHA256

    417275ef4e6c970a262c8b598a4d3462cc23f7420f292cfc2801545faa760fac

    SHA512

    9d766c5e4f8faa35cd9d964cef4c3028def0d02504240852a9938e2553e1628323d77d2aef3ce8add86bbcb33e169c0576dbba7ec80ccf4352f0171ad0a57752

  • C:\Users\Admin\AppData\Local\Temp\nsd2406.tmp\ioSpecial.ini (same path as the entry above; the file was rewritten during the run with different contents, hence the second set of hashes)
    Filesize

    678B

    MD5

    ed40df17587570e28d49f57e5e343bfb

    SHA1

    94ae83262cc9fd2da4cb3bfa00545af444dfd80b

    SHA256

    4324b27f9e88d4e50783f9ffa7a706907a1672e53e66c44b16c5125593d0ab05

    SHA512

    96f76d370115b9c163ac32f445798eba5baa4eff455f48ff789d069ad53f4aa0d1ee5192b335d481d701cb0e6a58dcab0164b97d95ea84d916d9910eac08e6a7

  • \Users\Admin\AppData\Local\Temp\nsd2406.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0