6c85c0c30888891e6acc548af91139955b0c669181d7c2b8eaf1dd40dd3293dc | Triage

Analysis

max time kernel
160s
max time network
172s
platform
windows7_x64
resource
win7-en-20211208
submitted
21/01/2022, 23:42

Sharing

Report Analysis Logs

General

Target

6c85c0c30888891e6acc548af91139955b0c669181d7c2b8eaf1dd40dd3293dc.exe
Size

9.5MB
MD5

afb66f6c58f71bd34ee52b0f4f4773f8
SHA1

6e8b530b23c4dcb28af05174909c1d8617d0e5f5
SHA256

6c85c0c30888891e6acc548af91139955b0c669181d7c2b8eaf1dd40dd3293dc
SHA512

6881d3cf632951feaf5862ff3c765dddc97c611bf05402e60b23187abf9c8f2d1a88286b18619c53c4e2fe5997d98d19bf0fea977e9d0b036a0c9cbde631f451

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\6c85c0c30888891e6acc548af91139955b0c669181d7c2b8eaf1dd40dd3293dc.exe
"C:\Users\Admin\AppData\Local\Temp\6c85c0c30888891e6acc548af91139955b0c669181d7c2b8eaf1dd40dd3293dc.exe"
1⤵
PID:832

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/832-55-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/1924-57-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/1924-58-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download