16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2023, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
Size

1.2MB
MD5

e662008b2af48cc40386f6046696ec16
SHA1

6dfb3ed3e8bab1116042d82a793fab544daaa536
SHA256

16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f
SHA512

5a3513664441316ac424070c1a89cea170bf930fc2eb1897bd223bca6bef54f3e5e869d2ebcaada3d92788f290255e81b131e9dfebbe44b08ec189a08277848a
SSDEEP

24576:W3I7XHuGEZvglJXfVEXpELG0YgemMMEtaovkBHnhkS3jrMJJrtv6c:WcXHglgPXfWmLG0TYMEcuuHn6STkxz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
2960	16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe
"C:\Users\Admin\AppData\Local\Temp\16fc88c72d12e76ef848b9083855946f8135301db41d9030b5d2cebd75292e5f.exe"
1⤵
- Loads dropped DLL
PID:2960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\InstallOptions.dll

Filesize
15KB

MD5
786110d3394edf4bb5c14e3e9a49f9e6

SHA1
4adf64a5999a1a41870fedefba22f67840f36f3a

SHA256
3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

SHA512
e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\InstallOptions.dll

Filesize
15KB

MD5
786110d3394edf4bb5c14e3e9a49f9e6

SHA1
4adf64a5999a1a41870fedefba22f67840f36f3a

SHA256
3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

SHA512
e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\InstallOptions.dll

Filesize
15KB

MD5
786110d3394edf4bb5c14e3e9a49f9e6

SHA1
4adf64a5999a1a41870fedefba22f67840f36f3a

SHA256
3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

SHA512
e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\System.dll

Filesize
11KB

MD5
301a9c8739ed3ed955a1bdc472d26f32

SHA1
a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

SHA256
6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

SHA512
41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\UserInfo.dll

Filesize
4KB

MD5
e47edd32aa6f55c5e0f3d7807ef7801e

SHA1
a09626786256653c23d3c704417caf4a5f584759

SHA256
4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

SHA512
f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\UserInfo.dll

Filesize
4KB

MD5
e47edd32aa6f55c5e0f3d7807ef7801e

SHA1
a09626786256653c23d3c704417caf4a5f584759

SHA256
4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

SHA512
f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\UserInfo.dll

Filesize
4KB

MD5
e47edd32aa6f55c5e0f3d7807ef7801e

SHA1
a09626786256653c23d3c704417caf4a5f584759

SHA256
4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

SHA512
f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\UserInfo.dll

Filesize
4KB

MD5
e47edd32aa6f55c5e0f3d7807ef7801e

SHA1
a09626786256653c23d3c704417caf4a5f584759

SHA256
4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

SHA512
f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\UserInfo.dll

Filesize
4KB

MD5
e47edd32aa6f55c5e0f3d7807ef7801e

SHA1
a09626786256653c23d3c704417caf4a5f584759

SHA256
4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568

SHA512
f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp6EEC.tmp\ioSpecial.ini

Filesize
1KB

MD5
0ee670064d7ca6cd8f14a80c461ebcf9

SHA1
b2284d30afefc3a92db8c459a9c9f6f59390a2b7

SHA256
1c495bd750e97ffa3df64fb6a4ce7be22196acd97a14ab97186e44ebaa17dd0a

SHA512
9f7190c9f21b3ec3150e3d370e053699c428ae7ae785d3745a9a0f20c538d1b97d33929be769f9f96870eea9142b4c04e43153aa7e8f6cf4cdf6e6b6c8c008db

Download Submit