Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-03-2023 05:49

General

  • Target

    5459e76ca86cd38d8a4a256489488436.exe

  • Size

    758KB

  • MD5

    5459e76ca86cd38d8a4a256489488436

  • SHA1

    a2f21eacf0a7bac7fb5eabd1eee86672ec27d298

  • SHA256

    c4a95382e258044e99c625376401a7fc0602d970ebaa20c91f1e31f83038bd76

  • SHA512

    f94a87b5ea6f498ff4db0fba585121f0ff0748136f2482fdb4a503e18280c74814a30c5c228c1fc7e0a14bb618a81f8932479a66f4e5fcffff4d782161a6a4f6

  • SSDEEP

    12288:HyFEX6hGuVsBt0IXE/pZ2rCJj5kIqlBePHcn0INGBNcKyyizFprs/xcTB:SFEKhGus8oKcrgaI6BePcnWczyGzQ/I

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5459e76ca86cd38d8a4a256489488436.exe
    "C:\Users\Admin\AppData\Local\Temp\5459e76ca86cd38d8a4a256489488436.exe"
    1⤵
    • Loads dropped DLL
    PID:1808

Network

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\nsi907.tmp\System.dll

    Filesize

    11KB

    MD5

    4ca4fd3fbefa2f6e87e6e9ee87d1c0b3

    SHA1

    7cdbeb5ff2b14b86af04e075d0ca651183ea5df4

    SHA256

    d09a8b3ade4ba4b7292c0b3da1bcb4b6c6e2012e0ccfd5e029a54af73a9e1b57

    SHA512

    cf0f415a97fdc74568297fed4f1295d0d2aef487a308141144ef8d5f04c669ef4795c273e745b81065429adde113fcdedf4c22717a7aeef60fdcd8d4d46f97f8

  • memory/1808-79-0x0000000003720000-0x00000000042EA000-memory.dmp

    Filesize

    11.8MB

  • memory/1808-80-0x0000000003720000-0x00000000042EA000-memory.dmp

    Filesize

    11.8MB