d33b7c5b460c4e95c8af0544053af0999f6d11773cf70e8f2cc2d69eb674b8fe

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 17:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sbsetup_x86.exe
Size

51.3MB
MD5

ff6ed585f817df7ede4c13d22bd3db75
SHA1

3706db4183028024a72efe4ac0558d9dd9900c4d
SHA256

d33b7c5b460c4e95c8af0544053af0999f6d11773cf70e8f2cc2d69eb674b8fe
SHA512

d862000f87b4a3c6d636ee7aa6e670aace506ae58997e943773fe17eb5861daf4d3c81f678de4c1bf7e4a0456dbb12c7490b8b35aa5f8d9d02b36e25f5717b66
SSDEEP

786432:gxCTyXUkhSo/lXkrzyNgqJfc9efwmAGxReiZ/Rz04uBV6KncTRyhVLK3adix/vXM:yCTDkUoVkCVJUsfsGxR/Nw6mFh9YxXDQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2780	sb7z_x86_console.exe

Loads dropped DLL 5 IoCs

pid	Process
4132	sbsetup_x86.exe
4132	sbsetup_x86.exe
4132	sbsetup_x86.exe
4132	sbsetup_x86.exe
4132	sbsetup_x86.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 2780	4132	sbsetup_x86.exe	95
PID 4132 wrote to memory of 2780	4132	sbsetup_x86.exe	95
PID 4132 wrote to memory of 2780	4132	sbsetup_x86.exe	95

C:\Users\Admin\AppData\Local\Temp\sbsetup_x86.exe
"C:\Users\Admin\AppData\Local\Temp\sbsetup_x86.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe
  "C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe" -o"C:\Program Files (x86)\SlimBrowser" -y
  2⤵
  - Executes dropped EXE
  PID:2780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst84C7.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
17.5MB

MD5
2465c98f051e4a381d96b7651ebd247b

SHA1
5242d8f45510b0926ddd74ea4ffca7e1180bb339

SHA256
c097d146729968c6fdb689d5a5d039d1a3149652f861bcd535f764a86f0ad8af

SHA512
a9796217d70808fdeec1565f89741699be71d27354b71339cd4ba056094ff4cdff68b6ffb164ddb9db495943b0751a0ca744ddcc454a01d57ca7177e1e0aad47

Download Submit
C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
13.1MB

MD5
f920006c74bf783ff124e6e9695e7b77

SHA1
4d80ac98a47195312f115e376a5108fdd29c2da1

SHA256
d6c4d988a5fbfd7c8d94f3be05407cc5be94afbaf24726a3cb61ccbb4c367b0c

SHA512
6bd3600e215d544971c3ffc90c239032c77213e6b269f2f2bd3f8fd8677caa1d9c7ec086d4f4e30f49585dabbb4a5d0d3af93941e05c88ed265eafbb8706eab9

Download Submit