92ab8821f6c4eedc8bec6abee96520514061e32b772831dc3ecb8e71f8f7bcb3

Analysis

Target

Demande de prix.exe
Size

333KB
MD5

72c876e6f764bb1928d1f62c909b7c67
SHA1

2b75b06f02c650a06ed9ba9db90f3e7348d0b8be
SHA256

92ab8821f6c4eedc8bec6abee96520514061e32b772831dc3ecb8e71f8f7bcb3
SHA512

3e4a8b38bf5de65deca31259338fa3e2e4287b3f3ec7558e7ea7da59835289c5d286ab9e1a74bec4399b287a94908e58f5d62700ca056fa6702e6af824958b59

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

dsaxa.exe

pid process

2696 dsaxa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2696	dsaxa.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Demande de prix.exedsaxa.exe

description	pid	process	target process
PID 1376 wrote to memory of 2696	1376	Demande de prix.exe	dsaxa.exe
PID 1376 wrote to memory of 2696	1376	Demande de prix.exe	dsaxa.exe
PID 1376 wrote to memory of 2696	1376	Demande de prix.exe	dsaxa.exe
PID 2696 wrote to memory of 3292	2696	dsaxa.exe	dsaxa.exe
PID 2696 wrote to memory of 3292	2696	dsaxa.exe	dsaxa.exe
PID 2696 wrote to memory of 3292	2696	dsaxa.exe	dsaxa.exe

C:\Users\Admin\AppData\Local\Temp\Demande de prix.exe
"C:\Users\Admin\AppData\Local\Temp\Demande de prix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Local\Temp\dsaxa.exe
C:\Users\Admin\AppData\Local\Temp\dsaxa.exe C:\Users\Admin\AppData\Local\Temp\txhqogil
3⤵
PID:3292

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

C:\Users\Admin\AppData\Local\Temp\dsaxa.exe
MD5
78f766ad7d7e23faecf6384147dcfae9

SHA1
07894888023bd1e068e45641c7b12fa4a1cc9376

SHA256
a3976abc44f16aa53b33e27ec429889a09e7200ed15b29966dc29990fdf1f74b

SHA512
788cadacfff3ba1290a3c34f038820b6e9163a1a0f5a9dc7ae6bbbdf02dc76051aa3d12a3007f36483eba2af4c90da2a7ef2a7b188bbed22e0431e0784fd29e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dsaxa.exe
MD5
78f766ad7d7e23faecf6384147dcfae9

SHA1
07894888023bd1e068e45641c7b12fa4a1cc9376

SHA256
a3976abc44f16aa53b33e27ec429889a09e7200ed15b29966dc29990fdf1f74b

SHA512
788cadacfff3ba1290a3c34f038820b6e9163a1a0f5a9dc7ae6bbbdf02dc76051aa3d12a3007f36483eba2af4c90da2a7ef2a7b188bbed22e0431e0784fd29e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\f2dtluw9kxt
MD5
ca3b8fc9e538982f07ed1f80e567fa38

SHA1
f682686846ca013708621f7a018305efbb221269

SHA256
0bfaaf2fbcb9678a6cef0ff2e633d0df158e3739595ea8d7f2b2ebb0f48f4565

SHA512
d59408f31fec70a481b88046ecdf89abadece69b129f1dd0d6d7f05c8cf3fbd5ae13d161e482a9ddce44815d445e2ea44a5efb58c134e51bb5a76f454cea0ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\txhqogil
MD5
728e31cf245db7ed3c805595387f8906

SHA1
655133d8295a0f090fd8bf3841c5688fb32d0858

SHA256
966ddea35f8e384affe2ebcd373221a10454af54d1806f451259893abe416065

SHA512
7a15637736432ab615f1893475f3e89ee3fbf8991bb5e5df8c36f401439788f2daf56705d0c67308cb27156af2dfb7a54744ec25ee97adeb948fa80de6ecf5cb

Download Submit