c5741701b3866459dd1ffa2477cfd8776713612912693a5897f78aac795d23e9

max time kernel
22s
max time network
16s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RansomwareSamples/Nemty_03_02_2021_124KB.exe
Size

123KB
MD5

78c3c27df6232caa15679c6b72406799
SHA1

e439d28b6bb6fd449bddad9cf36c97433a363aed
SHA256

a2fe2942436546be34c1f83639f1624cae786ab2a57a29a75f27520792cbf3da
SHA512

36dcdaffaef3ea2136cca3386f18ee3f6462aa66c82ef64660e3c300f3d58720a9c742930e2ee8e94c2379fbc7b3e6932dda20b5caa30b1c1f1ef38095aac6f6
SSDEEP

3072:xlwfdbiGnmYcAbwc7HNXG8/IEjkeOBeFtEv9VTYnH5upMocGMn7qxR1tMkTJNzn:DwfY2sA0kHFkktN5upMocGMns/lNzn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\V:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\E:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\J:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\P:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\S:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\X:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\Z:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\K:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\R:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\T:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\W:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\A:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\H:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\I:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\M:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\N:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\O:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\Q:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\Y:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\B:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\G:	Nemty_03_02_2021_124KB.exe
File opened (read-only)	\??\L:	Nemty_03_02_2021_124KB.exe

C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nemty_03_02_2021_124KB.exe
"C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nemty_03_02_2021_124KB.exe"
1⤵
- Enumerates connected drives
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\Admin\MILIHPEN-INSTRUCT.txt

Filesize
1KB

MD5
ee42367c45eb71d049fc7a92cae5a413

SHA1
3063b523256094710b8c9bf050b2dadbd079eef8

SHA256
02be0608a9c57572d77808769b262696d1741d680b330dbb9ef6e7a145b88bc7

SHA512
81bf463cf1335a89c590b1e24689f5eb5f28a001c5b43693db74b1b87dbb7c1255022f1bb4ef7ae6211af9d7f59aaaba8836d01b3c9a2b9f2aee2a39c27975ba

Download Submit

Resubmissions

Analysis