f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58

Analysis

Target

f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe
Size

712KB
MD5

b2c32c4ca386f1852032ad793d092f6e
SHA1

af22336c22d57eb7cea732f447cad7d2ecb37c2c
SHA256

f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58
SHA512

df8e838da56136351a2e03db23aef2debd984d55cedc26c99570ad35c61293aa7c2918743afd86433d6d5bacd758127a2735a1dbbd3d1dabb2351a00670761f0

Score

7^/10

Drops startup file 1 IoCs

Processes:

f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sutup-Filer.exe.lnk	f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe
"C:\Users\Admin\AppData\Local\Temp\f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe"
1⤵
- Drops startup file
PID:3028

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact