Overview

overview

7

Static

static

1

a5496cffc6...9a.exe

windows7-x64

7

a5496cffc6...9a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe

  • Size

    28.3MB

  • MD5

    e0264557ed3ca00c7fca49819887d3c0

  • SHA1

    8fd88c3cad2e6a1f6e1dd15723a721f20524054f

  • SHA256

    a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a

  • SHA512

    2cf4a7a74826041792fbac782dff5078cdff7293056c1c750d887b912180a36b448617e8daacf276da0b2c3230ee9fca4496e21198e45945c455bde83d80fd20

  • SSDEEP

    786432:QC/Ee9o22nGcYuKfjSmzQ4RTtq4ENN4cXBjQ6Joy:Qje992n3bKf2mzQ4RTU5NN4822

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe
    "C:\Users\Admin\AppData\Local\Temp\a5496cffc6344a511d26aea03ba57e1705c33c3ab481fe5cd56fa761a96cb69a.exe"
    1⤵
    • Loads dropped DLL
    PID:1448

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsm814B.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsm814B.tmp\ioSpecial.ini
    Filesize

    678B

    MD5

    45365ff3f15daed897090bb8aba3d1e6

    SHA1

    31a6ceecb65bc95e4156ac61a145533d6e54c3a4

    SHA256

    7e268dcb056b24c3a90be8684f74481b172ee24a56bca6dc328916adcc29897c

    SHA512

    689a76f7167d07d25efeb4829c75fd7c327cfab8e1e98186e90443ab8d43faf896aee50efd084e700e95ccb08ef77d78d77528f95fb1d5c2177fbd115f632e29

    Download Submit