Overview

overview

10

Static

static

1

1.zip

windows7-x64

1

1.zip

windows10-2004-x64

1

AudioCapture.dll

windows7-x64

1

AudioCapture.dll

windows10-2004-x64

1

HTCTL32.dll

windows7-x64

1

HTCTL32.dll

windows10-2004-x64

3

NSM.lic

windows7-x64

3

NSM.lic

windows10-2004-x64

3

PCICHEK.dll

windows7-x64

1

PCICHEK.dll

windows10-2004-x64

1

PCICL32.dll

windows7-x64

1

PCICL32.dll

windows10-2004-x64

1

TCCTL32.dll

windows7-x64

1

TCCTL32.dll

windows10-2004-x64

1

client32.exe

windows7-x64

10

client32.exe

windows10-2004-x64

10

client32.ini

windows7-x64

1

client32.ini

windows10-2004-x64

1

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

nskbfltr.inf

windows7-x64

1

nskbfltr.inf

windows10-2004-x64

1

nsm_vpro.ini

windows7-x64

1

nsm_vpro.ini

windows10-2004-x64

1

pcicapi.dll

windows7-x64

1

pcicapi.dll

windows10-2004-x64

1

remcmdstub.exe

windows7-x64

1

remcmdstub.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    156s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2023, 11:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nsm_vpro.ini

  • Size

    46B

  • MD5

    3be27483fdcdbf9ebae93234785235e3

  • SHA1

    360b61fe19cdc1afb2b34d8c25d8b88a4c843a82

  • SHA256

    4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b

  • SHA512

    edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\nsm_vpro.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:3336

Network

  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    63.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    63.13.109.52.in-addr.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 52.152.110.14:443
    260 B
     5
  • 8.238.178.254:80
    322 B
     7
  • 8.238.178.254:80
    322 B
     7
  • 173.223.113.164:443
    322 B
     7
  • 52.152.110.14:443
    260 B
     5
  • 8.238.178.254:80
    322 B
     7
  • 104.85.1.163:80
    322 B
     7
  • 204.79.197.203:80
    322 B
     7
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    260 B
     5
  • 52.152.110.14:443
    52 B
     1
  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    63.13.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    63.13.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.