812546f30060ec4b6066aad50bb2692e3a452a6fb818b3bfcfcf4d2f63e2005b

Analysis

Target

SHRIKESH_Challan.exe
Size

632KB
MD5

8b12044f735c41d42ba2df8b35ef51a0
SHA1

de61c48f714fec31a90379184eb145fcf1772c7a
SHA256

3174e8d8ef60806faa8b1e19a54ad0d89912ad75bbe63af481c5007af6fe1ea0
SHA512

3bcac1afdcb9e5c0a6155501f01f1c2569a9fa43d6a2c57afa7b3d464ced04e5431ffefecfe20e25443febb5cc1f02251ab827b9ebc4d53d053cac63706a41a6

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2456	1496	SHRIKESH_Challan.exe	78
PID 1496 wrote to memory of 2456	1496	SHRIKESH_Challan.exe	78
PID 1496 wrote to memory of 2456	1496	SHRIKESH_Challan.exe	78

C:\Users\Admin\AppData\Local\Temp\SHRIKESH_Challan.exe
"C:\Users\Admin\AppData\Local\Temp\SHRIKESH_Challan.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2456

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact