Overview

overview

7

Static

static

1

7e9699491d...d0.exe

windows7-x64

7

7e9699491d...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2023, 21:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7e9699491dfa893482359d7042dfe62dbca6a4f26ca2af7d8b5745d3743c71d0.exe

  • Size

    1.9MB

  • MD5

    c2f860a1126ee82406aeaf13d0eda160

  • SHA1

    2da4d257869c23709b3c430b3daef1e150818f10

  • SHA256

    7e9699491dfa893482359d7042dfe62dbca6a4f26ca2af7d8b5745d3743c71d0

  • SHA512

    47fe9673ad9b0452ad4958df4256ff5e1197a70368d758cf581ebf6bd0169e6eab4e88f50cf56f22ed77c0d5e80d18b6ce4220896544eaab52b444fb02d7ff54

  • SSDEEP

    49152:EMPsRm5t6PGb+zqaQwsX7NAy9IeH30gW8Dpj:EM0Rm5sseqay7my9IeX0gFDpj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e9699491dfa893482359d7042dfe62dbca6a4f26ca2af7d8b5745d3743c71d0.exe
    "C:\Users\Admin\AppData\Local\Temp\7e9699491dfa893482359d7042dfe62dbca6a4f26ca2af7d8b5745d3743c71d0.exe"
    1⤵
    • Loads dropped DLL
    PID:4536

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsr8C48.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsr8C48.tmp\ioSpecial.ini
          Filesize

          625B

          MD5

          e5b4b0c92ce2e79eb38071876b91519b

          SHA1

          cb5353a1402466401ebd08ca985c1ae85be8c330

          SHA256

          0392eef7af48ecea8f4ae4e4f4d3c5ba32838acebd6fae76c74a992afcea0a8d

          SHA512

          5da57d167f58a35ef8a6eaba59b790850d2b17633d26f07b08c589e3c9c2b8f6f8f2c692d899c63563bbaa4a4f1dcf37de8ecacabfa9b6b6c28000502f9e2c4f

          Download Submit