edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-04-2023 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe
Size

11.6MB
MD5

0a73083de5e80d8e0657fd5188230c0c
SHA1

3525c64c1d18fb5f79a4752bc727569cbf0c10b5
SHA256

edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9
SHA512

6248781e973441e9f3bfb76588152e611e4111779be1897f452232b30c7cb2a35af41216eb6278245088cbb67d73a4e6029fabd198e7f53e46e18b6e95757264
SSDEEP

196608:Oh/Wduf8jW7H+RejakjMHstgh6PpU7f4Ea5wbeLNqptIljYfAohYvZ7bqWme:G8G6em3HstgKU05wwNqptY0fJhYlxz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1416	edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe
1416	edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe
1416	edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe
"C:\Users\Admin\AppData\Local\Temp\edee91b9723d12ba9f50ad0384c2cfa472b81cc7265280868020e3a3e05a69c9.exe"
1⤵
- Loads dropped DLL
PID:1416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst3526.tmp\SkinBtn.dll

Filesize
4KB

MD5
e4ec95271ff1bcebab49bdfed6817a22

SHA1
2c03e97f4773aea80ecdb98a1482e5896fe4677b

SHA256
ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

SHA512
771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3526.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3526.tmp\btn_weakbtn.bmp

Filesize
21KB

MD5
2e3fe91758d2e8a4937333c0e3d196d8

SHA1
e3b9660c3ab0119dbf40f0e4a8c749eaef8ba1ea

SHA256
cfc750f00d3392a0b59edad27966ef6d8fc4b715a504b504a3c1bcb295b203ee

SHA512
c9e78b2563467df84d570ae703864059f81444a53c7f6e739fea5561e0458475ae61ae7336097d514ff2f85ab583a82e1f9e58853b2d1f7568e6c15c7319e497

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3526.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab101f38562c8545a641e95172c354b4

SHA1
ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

SHA256
3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

SHA512
72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

Download Submit
\Users\Admin\AppData\Local\Temp\nst3526.tmp\SkinBtn.dll

Filesize
4KB

MD5
e4ec95271ff1bcebab49bdfed6817a22

SHA1
2c03e97f4773aea80ecdb98a1482e5896fe4677b

SHA256
ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

SHA512
771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

Download Submit
\Users\Admin\AppData\Local\Temp\nst3526.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Local\Temp\nst3526.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab101f38562c8545a641e95172c354b4

SHA1
ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

SHA256
3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

SHA512
72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

Download Submit
memory/1416-96-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download