5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e

General

Target

5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
Size

1.2MB
MD5

048aadaef3ed51a5c0bdc1a0a742fbcd
SHA1

3864a99638760f76e76ac65ed2943912079c0b98
SHA256

5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e
SHA512

fbfbc0c7dc93114e8d555b3402c75343801c4f813f53fcb87a6c9234dc9ddba17e5e8f68ba6a16e1f1e79b51c3041fd172008c97ba884d368996cb648d08dce1

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 49 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe

description	ioc	process
File opened (read-only)	\??\k:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\L:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\p:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\S:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\x:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\g:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\i:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\y:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\b:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\e:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\h:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\H:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\m:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\P:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\Q:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\A:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\j:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\O:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\w:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\a:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\I:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\q:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\s:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\Y:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\E:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\f:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\G:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\l:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\M:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\n:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\r:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\R:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\B:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\U:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\F:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\N:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\o:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\t:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\T:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\u:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\V:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\D:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\z:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\Z:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\W:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\K:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\v:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\X:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
File opened (read-only)	\??\J:	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe

pid	process
1520	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
1520	5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe

C:\Users\Admin\AppData\Local\Temp\5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe
"C:\Users\Admin\AppData\Local\Temp\5f6bbd8a228200f32915edd97f2762734b7e45fb24a3cf01ac838090e7e4d45e.exe"
1⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:1520