ca81a544ed18f3e5e8c129e335c874fcd4f141a4aa0d9789e060a80e79fbdf2b

Analysis

max time kernel
156s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe
Size

423KB
MD5

81c6334642219323545f7bab1db856d3
SHA1

74d7e2cfe0455585c8e50bb6a1c74be75de7eb4d
SHA256

24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba
SHA512

7553617a2416cbe3ebc074ca0a9258e73c718451a9f8a38e6f4ffb4e065afbc303f637db15e9888aa7cce33b5cf0714d23f3d71c7f9b91bec8b01aeae73d92e5
SSDEEP

6144:u6bAcJvkzKmPPzS58G93IuZnB+HfWM7Zn4N9/qbry9vgrU4us2hLrc3JNZ7Yl:t7ubCHICBcWM7Zn4bib29vaULhL6Z7c

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2848	24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe
2848	24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Cyberkunderne150\Oliebilledets.ter	24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe
"C:\Users\Admin\AppData\Local\Temp\24cebe5631047fe2681c97e1c582fd27cfa9520e431e5212db55cd1b14b3afba.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqBCED.tmp\AdvSplash.dll

Filesize
6KB

MD5
e8b67a37fb41d54a7eda453309d45d97

SHA1
96be9bf7a988d9cea06150d57cd1de19f1fec19e

SHA256
2ad232bccf4ca06cf13475af87b510c5788aa790785fd50509be483afc0e0bcf

SHA512
20effae18eebb2df90d3186a281fa9233a97998f226f7adead0784fbc787feee419973962f8369d8822c1bbcdfb6e7948d9ca6086c9cf90190c8ab3ec97f4c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqBCED.tmp\System.dll

Filesize
11KB

MD5
8b3830b9dbf87f84ddd3b26645fed3a0

SHA1
223bef1f19e644a610a0877d01eadc9e28299509

SHA256
f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

SHA512
d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

Download Submit