c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b

Analysis

max time kernel
78s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
Size

31.3MB
MD5

63462ed26dcafdb7bea28ebac6ddd1d6
SHA1

26a78be58a4246bea40f70ae67a866addb378c8e
SHA256

c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b
SHA512

195feb42eeade965ac4fdb4f5843b2251a23bb085b49495ab29254592ad01eac09515b70e577826031a5b32d93a09a4947f24d0eab78e2adb65401f8de23a5a4
SSDEEP

786432:v0QvrA/BfWNaZvgIsEYtYRaw5eIrlmJzla4PFwO8lcPBRS5kYekxWaAIm:v1rA/8qqPDOlmhlf8lcPBRoe9NIm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe

pid	process
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe

pid	process
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
2476	c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe

C:\Users\Admin\AppData\Local\Temp\c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe
"C:\Users\Admin\AppData\Local\Temp\c7405dd452e195eb3ad4e55cba811a612c5f3a526001e908700bec211fc3e10b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2476

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\CreateInstallScript.dll
Filesize
103KB

MD5
383733ab733c06026f8d99f9167b28d8

SHA1
618e4d871fe2e7900948a829b36dd040029c9cfa

SHA256
08420683588475df478f98586700ae07331867514c62deafde31f7935325d41c

SHA512
202f38d32df2edec416ffe70304bdd729b6754f8782c33cc79712827399f8bc3cf16516e173c27ab961afcba7694a717ba7714178e102d3af24188fdfa7e80d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\CreateInstallScript.dll
Filesize
103KB

MD5
383733ab733c06026f8d99f9167b28d8

SHA1
618e4d871fe2e7900948a829b36dd040029c9cfa

SHA256
08420683588475df478f98586700ae07331867514c62deafde31f7935325d41c

SHA512
202f38d32df2edec416ffe70304bdd729b6754f8782c33cc79712827399f8bc3cf16516e173c27ab961afcba7694a717ba7714178e102d3af24188fdfa7e80d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\InstallOptions.dll
Filesize
15KB

MD5
1d8ade5c04339687340b9b4cb6b7854e

SHA1
f43e24e8615402161fdac02f9fb396808cc42afa

SHA256
83bf9c630141db8531d1c83bc783a79965f0e3438c84ab98f464fff2441c6f71

SHA512
121e7be13e120b1a1e958c6fb530cc642f8585190e0c9d44982d3337980c41742e1e455636005f01c7461ba365789d8bf9247643ab72620011ff31e684d8ef32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\LangDLL.dll
Filesize
4KB

MD5
12a4553bfb677393b102e5784a56cc39

SHA1
e16d55cffc5e2a5e891f3c5159fef5f2676dc639

SHA256
7309efa056b8958d5de7ebb4a96c00a92d3cf932a83beec721243f1649bbb3d5

SHA512
42a71229111a377f128e7d69dcddcf4a82f940c3e837519f6fede029596b8964ea27a3e52b8aa4f115182046ebdda227d8d2e9b11fc9a63c0e655325fad3e75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\Processes.dll
Filesize
35KB

MD5
53c49f56c890b3fc52318a0342008813

SHA1
45ad45f8c3ce765a96f8228f7038feb7db114c23

SHA256
48e2706c457b9d91fd36d07e20c6130864a16763b33f78c8dd8282c85b7eb3af

SHA512
7eb4c146ce9ccba47d489d8221ecba8a8a37681a27c22228aa52f56116cb3d4f726cb0c85c2448a7ef300f02abf12d1e03ca0f3b827958492983c9cd69e8c9ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\System.dll
Filesize
9KB

MD5
b7c1799cd69553e6ac51fe329376b2b8

SHA1
21f47ffdb983360171317e4a8cc3b3e0523b0e8d

SHA256
596606a63b104da2c0e583605ab887031b8ad781102782ffccffb665e517f213

SHA512
4029f93cc8508cd665c7856d10c870af4441187dd2b18d0fc0029efc3e35d8a7df167cb54b3c5c682c9cd0f9f2f266323cf5dbef45e503d44210679acee3c133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\System.dll
Filesize
9KB

MD5
b7c1799cd69553e6ac51fe329376b2b8

SHA1
21f47ffdb983360171317e4a8cc3b3e0523b0e8d

SHA256
596606a63b104da2c0e583605ab887031b8ad781102782ffccffb665e517f213

SHA512
4029f93cc8508cd665c7856d10c870af4441187dd2b18d0fc0029efc3e35d8a7df167cb54b3c5c682c9cd0f9f2f266323cf5dbef45e503d44210679acee3c133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\System.dll
Filesize
9KB

MD5
b7c1799cd69553e6ac51fe329376b2b8

SHA1
21f47ffdb983360171317e4a8cc3b3e0523b0e8d

SHA256
596606a63b104da2c0e583605ab887031b8ad781102782ffccffb665e517f213

SHA512
4029f93cc8508cd665c7856d10c870af4441187dd2b18d0fc0029efc3e35d8a7df167cb54b3c5c682c9cd0f9f2f266323cf5dbef45e503d44210679acee3c133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\System.dll
Filesize
9KB

MD5
b7c1799cd69553e6ac51fe329376b2b8

SHA1
21f47ffdb983360171317e4a8cc3b3e0523b0e8d

SHA256
596606a63b104da2c0e583605ab887031b8ad781102782ffccffb665e517f213

SHA512
4029f93cc8508cd665c7856d10c870af4441187dd2b18d0fc0029efc3e35d8a7df167cb54b3c5c682c9cd0f9f2f266323cf5dbef45e503d44210679acee3c133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\System.dll
Filesize
9KB

MD5
b7c1799cd69553e6ac51fe329376b2b8

SHA1
21f47ffdb983360171317e4a8cc3b3e0523b0e8d

SHA256
596606a63b104da2c0e583605ab887031b8ad781102782ffccffb665e517f213

SHA512
4029f93cc8508cd665c7856d10c870af4441187dd2b18d0fc0029efc3e35d8a7df167cb54b3c5c682c9cd0f9f2f266323cf5dbef45e503d44210679acee3c133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\installmode.ini
Filesize
562B

MD5
7bbd3df3683a8a926f3d0f07eac0f205

SHA1
54fed79b1b448743fa16e6340c4c6bb81d103bc4

SHA256
02daa877f3b06c4cecd512c83734385693a59093b4d7f6b60513a0c53b3c3183

SHA512
824705b62ee9ed5e8fc289bfae73958ba4cf673c0400658d2e72ca1a14ca347fc036ba1c4d6d9bbfd0eda82e9896b2e044d86f04a6de4363b75be89f33533c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuBA4E.tmp\{AE6AC3F9-B8E9-4f4d-927C-9DFB2EC416A0}.ini
Filesize
2KB

MD5
69a3bb061fe6d34f2bc5e24af96e654b

SHA1
0920831a6eb900f510c8b315339423f3e15ac68e

SHA256
7a48281cf0e904633534dfd27e180609c284d4655b2f4b1d6720d83f956b47a5

SHA512
20cc55322dae7253636ab828d9bee9262d508b99f7e6000b5bfeeff327b4971337807c216d148a89ed9cab3113451c617d349036aa23ed966eb51fc2373866b6

Download Submit